bruteforceblocker + PF
Daniel Gerzo
danger at rulez.sk
Thu Oct 6 13:37:11 PDT 2005
Hi Dave,
Thursday, October 6, 2005, 10:24:20 PM, you wrote about:
> Hello,
> I've got bruetforceblocker going with pf, i just installed the port. My
> box is a 5.4 machine. I have it going on my lan server, which does ssh for
> my network, it's the box you'll hit if you ssh in as opposed to the firewall
> box. It's adding ip's to the table, but it's doing it staggeringly, i see
> activity in my logs where atempts are made and then the IP's keep coming
> back as if they're not being blocked.
I'm running BruteForceBlocker on a bunch of the boxes and I have no
problem with it. can you check the pf table, if it is growing? Can you
also see messages like:
User root from 67.15.192.35 not allowed because not listed in AllowUsers
67.15.192.35 was logged with total count of 1.
Failed password for invalid user root from 67.15.192.35 port 36082 ssh2
67.15.192.35 was logged with total count of 2.
User root from 67.15.192.35 not allowed because not listed in AllowUsers
67.15.192.35 was logged with total count of 3.
Failed password for invalid user root from 67.15.192.35 port 36111 ssh2
IP 67.15.192.35 reached the maximum number of failed attempts!!!
Adding IP to the firewall...
in your auth logfile?
If you want to check the pf table use command like:
# pfctl -t bruteforce -T show
> Thanks.
> Dave.
--
Best Regards,
Daniel Gerzo
More information about the freebsd-questions
mailing list