bruteforceblocker + PF
Enrique Ayesta Perojo
eayesta at portugalete.uned.es
Fri Oct 7 01:12:50 PDT 2005
El Osteguna 06 Urria 2005 22:18, Daniel Gerzo escribió:
> Hi questions, Enrique Ayesta Perojo,
>
> <snip because I have accidently lost the thread :-)>
>
> It seems like bruteforceblocker is running, since you can see
> messages in your auth.log. this is good. could you please provide
> me info, which version of openssh are you using, so I can debug? I
> have som reports, that my bruteforceblocker does not work with
> older versions of openssh, since it uses little bit different
> format of warnings, so my regexps does not apply. Also, please send
> here the format of those messages.
>
> Thank you.
This is the version:
OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e 25 Oct 2004
It's a FreeBSD 5.4-p7 box, and here there are some of the messages
at /var/log/auth.log:
Oct 6 18:29:26 fatboy sshd[28472]: Illegal user jack from 63.67.26.114
Oct 6 18:29:26 fatboy sshd[28472]: reverse mapping checking getaddrinfo for
host114.nokia-boston.com failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 18:53:33 fatboy sshd[20731]: Illegal user pepito from 10.200.62.201
Oct 5 18:53:33 fatboy sshd[20731]: Failed unknown for illegal user pepito
from 10.200.62.201 port 44241 ssh2
Thanks again
More information about the freebsd-questions
mailing list