One common method attackers use when attempting to compromise a server is brute-forcing login credentials. Given enough time, automated tools can guess a person’s username and password, granting the attacker access to an unprotected server. Several tools have been created to counter these attacks, in which passwords are guessed by trial and error. Utilities such as Fail2Ban and DenyHost monitor login attempts and automatically block the computers performing these types of attacks.
Last week the DenyHost project added a feature which allows the utility to block attacks by using the PF firewall. PF is typically used on the OpenBSD and FreeBSD operating systems to block or forward network traffic. The project’s website reports:
“DenyHost 2.9 adds one new feature, the ability to work with the PF packet filter, popular on BSD systems such as FreeBSD, OpenBSD, NetBSD, PC-BSD and TrueOS. The DenyHost daemon will now work with existing PF tables in real time, allowing administrators to block incoming secure shell connections at the firewall level. Examples of how to set up the appropriate PF rules and enable DenyHost to work with PF are available in the DenyHost configuration file (denyhosts.conf).”
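A minimal PF ruleset of the kind the announcement describes, given here as an added example (it is not taken from the DenyHost project or its configuration file). The table name `denyhost` and the address 203.0.113.5 are assumptions chosen for illustration. It shows why the block rule needs `quick`: PF applies the last matching rule, so a later `pass` rule for SSH would otherwise override the block.

```conf
# /etc/pf.conf fragment (constructed example, not the project's own rules)
# Assumption: the table is named "denyhost"; it must match whatever table
# name is configured in denyhosts.conf.

# "persist" keeps the table in place even while it is empty, so a daemon
# can add addresses to it at any time without reloading the ruleset.
table <denyhost> persist

# Ineffective ordering (left commented out): without "quick", PF keeps
# evaluating, and the pass rule further down is the last match, so
# addresses in the table would still reach sshd.
# block in proto tcp from <denyhost> to any port ssh

# Effective: "quick" stops evaluation at the first match, so the block
# holds regardless of the pass rule that follows.
block in quick proto tcp from <denyhost> to any port ssh

# Normal SSH access for everyone not in the table.
pass in proto tcp from any to any port ssh

# Checks to run as root after editing (pfctl commands, shown as comments):
#   pfctl -nf /etc/pf.conf                  parse the file without loading it
#   pfctl -f /etc/pf.conf                   load the ruleset
#   pfctl -t denyhost -T show               list the addresses in the table
#   pfctl -t denyhost -T test 203.0.113.5   check whether an address matches
#   pfctl -t denyhost -T add 203.0.113.5    add an address by hand
#   pfctl -t denyhost -T delete 203.0.113.5 remove it again
#
# A table entry only affects new connections. A session that was already
# established keeps its state entry; to cut it off, kill the states
# originating from that host:
#   pfctl -k 203.0.113.5
```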