ssh brute force
Andreas Pettersson
andpet at telia.com
Mon Jul 25 16:27:46 GMT 2005
Daniel Gerzo wrote:
>Hello Chris,
>
>Thursday, July 21, 2005, 2:43:08 AM, you wrote:
>
>
>
>>On 7/20/05, Chris Jones <cdjones at novusordo.net> wrote:
>>
>>
>>>I'm looking at having a script look at SSH's log output for repeated
>>>failed connection attempts from the same address, and then blocking that
>>>address through pf (I'm not yet sure whether I want to do it temporarily
>>>or permanently).
>>>
>>>
>>Matt Dillon wrote an app in C to do just that, with ipfw.
>>http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html
>>
>>
>>Scott Ullrich modified it to work with pf.
>>http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c
>>
>>
>
>I have made security/bruteforceblocker
>It's a perl script that works with opensshd's logs and pf
>
>
And here is another one, similar to Daniel's, but this one uses ipfw
instead, AND another neat thing is that a block isn't permanent. There's
a janitor cleaning up ipfw rules after a specified time.
http://anp.ath.cx/sshit/
I made it the other day, so I haven't had time to hardcore test it.
Let me know if it's not working, or if it is ;-)
/Andreas
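
The approach discussed in this thread (count failed logins per address in sshd's log, block the address, and let a janitor lift the block after a set time), as an added Python example; it is not code from sshit, bruteforceblocker or sshlockout_pf. The threshold, window, block lifetime, assumed year, log wording and sample lines are all assumptions, and the function returns block/unblock decisions instead of calling ipfw or pf.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed OpenSSH wording; only "Failed ..." lines are counted. The pattern is
# anchored on the trailing "from <ip> port <n>" so that a user name containing
# " from 10.0.0.1" cannot decide which address gets blocked.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed \S+ for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?\s*$")

def replay(lines, threshold=3, window=timedelta(seconds=60),
           block_ttl=timedelta(minutes=10), year=2005):
    """Return [(time, "block" | "unblock", ip)] for a chronological log."""
    recent = defaultdict(deque)  # ip -> times of failures inside the window
    blocked = {}                 # ip -> time at which the block expires
    actions = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        # Janitor: lift expired blocks (a daemon would do this on a timer)
        for old in [a for a, exp in blocked.items() if exp <= now]:
            actions.append((blocked.pop(old), "unblock", old))
        if ip in blocked:
            continue
        q = recent[ip]
        q.append(now)
        while now - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = now + block_ttl
            actions.append((now, "block", ip))
            del recent[ip]
    return actions

# Constructed sample lines using documentation address ranges
SAMPLE = [
    "Jul 25 16:00:01 gw sshd[311]: Failed password for root from 203.0.113.5 port 4011 ssh2",
    "Jul 25 16:00:03 gw sshd[312]: Failed password for invalid user admin from 203.0.113.5 port 4012 ssh2",
    "Jul 25 16:00:04 gw sshd[313]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2",
    "Jul 25 16:00:05 gw sshd[314]: Failed password for invalid user x from 198.51.100.7 from 203.0.113.5 port 4013 ssh2",
    "Jul 25 16:20:00 gw sshd[400]: Failed password for root from 192.0.2.9 port 6000 ssh2",
]
if __name__ == "__main__":
    for when, action, ip in replay(SAMPLE):
        print(when, action, ip)
```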