Source and state limiters introduced in pf
https://www.undeadly.org/cgi?action=article;sid=20251112132639 #openbsd #pf #networking #statelimiters #sourcelimiters #statetracking #packetfilter #security #freesoftware #libressoftware
"This change has our resident packet manglers quite excited, and they think it will likely be a signature feature that will make the not-too-distant OpenBSD 7.9 release even more of an Internet favorite."
The long version of why you need key authentication for your SSH servers - "The Hail Mary Cloud and the lessons learned" https://nxdomain.no/~peter/hailmary_lessons_learned.html #ssh #keys #passwordgroping #unix #linux #openbsd #freebsd #pf #packetfilter #statetracking #blocklists #cybercrime #hacking
Also, The 4th edition of the Book of PF is coming soon: https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html
Whenever I see the a "How to protect your #SSH server against #bruteforce attacks" post or article centered on some #Linux woodo, I always think to post about how easy it is to deal with those on #OpenBSD and #FreeBSD with #PF add #statetracking options: As in https://home.nuug.no/~peter/pf/en/bruteforce.html, supplemented with https://nxdomain.no/~peter/forcing_the_password_gropers_through_a_smaller_hole.html, alternatively the PF tutorial https://nxdomain.no/~peter/pf_fullday.pdf and of course The Book of PF, https://nostarch.com/pf3
Also the slowpoke version: https://nxdomain.no/~peter/hailmary_lessons_learned.html
@pugmiester @mms@emacs.ch Thanks for the mention!
The basics are outlined in (at least) https://home.nuug.no/~peter/pf/en/bruteforce.html with some embellishments in https://nxdomain.no/~peter/forcing_the_password_gropers_through_a_smaller_hole.html and links therein (also with nicer formatting but trackers at https://bsdly.blogspot.com/2017/04/forcing-password-gropers-through.html).
And of course The Book of PF (https://nostarch.com/pf3 or reputable bookshops)
Peter N. M. Hansteen