auth.log & intruder prevention
isachpaz at igd.fhg.de
Tue Jan 24 16:41:06 PST 2006
I was about to develop a perl script.
It, however, seems that bruteforceblocker does what I was looking for.
From: Daniel Gerzo [mailto:danger at rulez.sk]
Sent: Mittwoch, 25. Januar 2006 00:58
To: Ilias.Sachpazidis at igd.fraunhofer.de
Cc: questions at freebsd.org
Subject: Re: auth.log & intruder prevention
On Tue, Jan 24, 2006 at 10:02:26PM +0100, Ilias Sachpazidis wrote:
> Hi Everyone,
> In auth.log of my FreeBSD boxes I got many requests to port 22, as you can
> see below.
> ----begin of snippet
> Jan 22 11:21:50 zeus sshd: Failed password for illegal user
> from 22.214.171.124 port 58344 ssh2
> Jan 22 11:21:53 zeus sshd: Failed password for illegal user hacking
> from 126.96.36.199 port 58443 ssh2
> ----end of snippet
> I am wondering if any script is available to prevent hundreds of attempts
> port 22 from external IPs that constantly checking user & passwords on my
> FreeBSD PCs.
> What I am looking for is a deamon application/script that receives the
> recorded data from auth.log and detects if any remote client (IP address)
> checking user and passwords (Detection pattern: 5 missing attempts in 1
> min). On a successful detection, the script should add an ipfw rule
> rejecting further IP packets from the specific remote address.
> Is any script or something similar available so far?
I've written a BruteForceBlocer, you can install it from ports as well,
Hope you will like it.
More information about the freebsd-questions