bruteforceblocker + PF

Enrique Ayesta Perojo eayesta at
Fri Oct 7 01:12:50 PDT 2005

El Osteguna 06 Urria 2005 22:18, Daniel Gerzo escribió:
> Hi questions, Enrique Ayesta Perojo,
> <snip because I have accidently lost the thread :-)>
>    It seems like bruteforceblocker is running, since you can see
>    messages in your auth.log. this is good. could you please provide
>    me info, which version of openssh are you using, so I can debug? I
>    have som reports, that my bruteforceblocker does not work with
>    older versions of openssh, since it uses little bit different
>    format of warnings, so my regexps does not apply. Also, please send
>    here the format of those messages.
>    Thank you.

This is the version:

OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e 25 Oct 2004

It's a FreeBSD 5.4-p7 box, and here there are some of the messages 
at /var/log/auth.log:

Oct  6 18:29:26 fatboy sshd[28472]: Illegal user jack from
Oct  6 18:29:26 fatboy sshd[28472]: reverse mapping checking getaddrinfo for failed - POSSIBLE BREAKIN ATTEMPT!

Oct  5 18:53:33 fatboy sshd[20731]: Illegal user pepito from
Oct  5 18:53:33 fatboy sshd[20731]: Failed unknown for illegal user pepito 
from port 44241 ssh2

Thanks again

More information about the freebsd-questions mailing list