Auto blacklist ssh connections ...
Vulpes Velox
v.velox at vvelox.net
Wed Sep 17 23:40:48 UTC 2008
On Wed, 17 Sep 2008 20:15:45 -0300
"Marc G. Fournier" <scrappy at hub.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Does anyone know of a utility that I can use with sshd to
> auto-block by IP if there are more then N failed attempts in a row?
>
> ie:
>
> # grep "Invalid user" /var/log/auth.log| awk '{print $10}' | sort |
> uniq -c | sort -nr
> 5268 140.113.210.174
>
> 4863 72.52.225.116
>
> 3586 116.14.255.141
>
> 2918 193.205.186.67
>
> 2033 219.76.75.6
>
> 1308 216.14.127.67
>
> 1059 61.72.106.71
>
> 983 93.123.14.9
>
> 691 202.75.221.197
>
> 649 59.77.33.139
>
> 381 201.80.15.207
>
> 269 190.10.255.73
>
> 212 81.252.254.189
>
> 181 123.151.32.12
>
> 150 211.21.47.50
>
> 139 196.219.63.3
>
> 128 200.111.64.171
>
>
>
> This is for one day ... I'd like to be able to throttle so that
> after X Invalid user attempts, the IP gets blocked ...
>
> Possible?
security/sshguard
security/blocksshd
security/denyhosts
security/bruteforceblocker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080917/b2036b5a/signature.pgp
More information about the freebsd-questions
mailing list