auth.log & intruder prevention
paulh at bdug.org.au
Wed Jan 25 19:03:55 PST 2006
On your web site, you show how easy it is to convert to IPTABLES. I presume
then it would be quite easy to reconfigure to use IPFW as well?
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Daniel Gerzo
> Sent: Wednesday, 25 January 2006 7:58 AM
> To: Ilias.Sachpazidis at igd.fraunhofer.de
> Cc: questions at freebsd.org
> Subject: Re: auth.log & intruder prevention
> On Tue, Jan 24, 2006 at 10:02:26PM +0100, Ilias Sachpazidis wrote:
> > Hi Everyone,
> > In auth.log of my FreeBSD boxes I got many requests to port
> 22, as you
> > can see below. ----begin of snippet
> > Jan 22 11:21:50 zeus sshd: Failed password for
> illegal user cracking
> > from 184.108.40.206 port 58344 ssh2
> > Jan 22 11:21:53 zeus sshd: Failed password for
> illegal user hacking
> > from 220.127.116.11 port 58443 ssh2
> > ----end of snippet
> > I am wondering if any script is available to prevent hundreds of
> > attempts on port 22 from external IPs that constantly
> checking user &
> > passwords on my FreeBSD PCs.
> > What I am looking for is a deamon application/script that
> receives the
> > recorded data from auth.log and detects if any remote client (IP
> > address) is checking user and passwords (Detection pattern:
> 5 missing
> > attempts in 1 min). On a successful detection, the script
> should add
> > an ipfw rule rejecting further IP packets from the specific remote
> > address.
> > Is any script or something similar available so far?
> I've written a BruteForceBlocer, you can install it from
> ports as well, check security/bruteforceblocker.
> Hope you will like it.
> Daniel Gerzo
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions