[nycbug-talk] Adaptive firewalling in FreeBSD -- how can?

[G. Rosamond]

On Oct 25, 2004, at 11:21 AM, csnyder wrote:

> I'm seeing a lot of failed logins for random users in the auth.log
> lately -- something trying out a list of 10-20 username/password
> combinations over ssh.
>
> Is there a simple way to dynamically block hosts with too many (more
> than six) failed ssh logins in a row?
>

Either you can play with MaxStartups or maybe script it . . .into a 
firewall ruleset like with pf.

Have you thought of just using key-based authentication?  It would make 
attempts useless.

g