Now that I have OpenBSD installed on my RAID server at work, I figured that I would write a few tutorials about the things I have done with it. If nothing else, so that I can remember and repeat them if something happens.
Looking at /var/log/authlog, I noticed that a significant number of failed login attempts for root and for invalid users were occurring from seemingly random IP addresses (thousands of dictionary attacks). These are probably boxen that have been hacked into, and their owners haven't figured it out yet. My first approach was to use pf(4) to filter these IP addresses. For this I found simple pf.conf rules that use a table and a block rule to reject a list of IP addresses.
This worked well until I realized how endless the array of hacked boxen out there is. So I had to figure out something more.
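An added example of the pf-table approach described above (not from the original post): a POSIX shell script that counts failed and invalid-user SSH attempts per source address in authlog lines and loads the repeat offenders into a pf table. The table name `bruteforce`, the file /etc/pf.bruteforce, the threshold and the sample log lines are constructed assumptions; it also assumes pf.conf declares the table with `table <bruteforce> persist file "/etc/pf.bruteforce"` and blocks it with `block in quick from <bruteforce>`.

```shell
#!/bin/sh
# Build a pf table of brute-force sources from authlog lines.
# Table name, file path and threshold are assumptions, not from the original post.
TABLE=bruteforce
TABLE_FILE=/etc/pf.bruteforce
THRESHOLD=5

# Constructed sample authlog lines (not real log data), used for a dry run.
SAMPLE_LOG='Mar  1 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 4242 ssh2
Mar  1 10:00:02 host sshd[1002]: Invalid user admin from 198.51.100.7
Mar  1 10:00:03 host sshd[1003]: Failed password for root from 203.0.113.5 port 4243 ssh2
Mar  1 10:00:04 host sshd[1004]: Accepted publickey for alice from 192.0.2.10 port 5555 ssh2
Mar  1 10:00:05 host sshd[1005]: Failed password for invalid user admin from 198.51.100.7 port 4244 ssh2
Mar  1 10:00:06 host sshd[1006]: Failed password for root from 203.0.113.5 port 4245 ssh2'

# Read authlog on stdin; print "count ip" for every source that failed a
# login or probed an invalid user, most frequent first.
count_offenders() {
    awk '
        /Failed password for/ || /Invalid user/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip != "") n[ip]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -rn
}

# Read authlog on stdin; print only the addresses at or above the threshold
# (argument, default THRESHOLD), one per line, ready for a pf table file.
offenders_over() {
    threshold="${1:-$THRESHOLD}"
    count_offenders | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Replace the live table contents with the current offender list (root on
# OpenBSD). "replace" makes the file authoritative, so an address that stops
# appearing in the log drops out on the next run instead of staying blocked
# forever. Usage: update_table < /var/log/authlog
update_table() {
    offenders_over > "$TABLE_FILE"
    pfctl -t "$TABLE" -T replace -f "$TABLE_FILE"
}
```

Run it from cron against /var/log/authlog; the dry run below on the constructed lines shows 203.0.113.5 (three failures) crossing a threshold of 3 while 198.51.100.7 (two) does not.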