auth.log & intruder prevention
Paul Hamilton
paulh at bdug.org.au
Wed Jan 25 19:03:55 PST 2006
Hi Daniel,
On your web site, you show how easy it is to convert to IPTABLES. I presume
then it would be quite easy to reconfigure to use IPFW as well?
Cheers,
Paul
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Daniel Gerzo
> Sent: Wednesday, 25 January 2006 7:58 AM
> To: Ilias.Sachpazidis at igd.fraunhofer.de
> Cc: questions at freebsd.org
> Subject: Re: auth.log & intruder prevention
>
>
> On Tue, Jan 24, 2006 at 10:02:26PM +0100, Ilias Sachpazidis wrote:
> > Hi Everyone,
>
> hello,
>
> >
> > In auth.log of my FreeBSD boxes I got many requests to port 22, as you
> > can see below.
> > ----begin of snippet
> > Jan 22 11:21:50 zeus sshd[92900]: Failed password for illegal user cracking from 65.208.188.105 port 58344 ssh2
> > Jan 22 11:21:53 zeus sshd[92902]: Failed password for illegal user hacking from 65.208.188.105 port 58443 ssh2
> > ----end of snippet
> >
> > I am wondering if any script is available to prevent hundreds of
> > attempts on port 22 from external IPs that are constantly checking
> > user & passwords on my FreeBSD PCs.
> >
> > What I am looking for is a daemon application/script that receives the
> > recorded data from auth.log and detects if any remote client (IP
> > address) is checking user and passwords (Detection pattern: 5 missing
> > attempts in 1 min). On a successful detection, the script should add
> > an ipfw rule rejecting further IP packets from the specific remote
> > address.
> >
> > Is any script or something similar available so far?
>
> I've written a BruteForceBlocker, you can install it from
> ports as well, check security/bruteforceblocker.
>
> Hope you will like it.
>
> --
> Sincerely,
> Daniel Gerzo
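The detection pattern asked for in the quoted message (5 failed attempts from one address within 1 minute, then an ipfw deny rule), sketched as an added Python example; it is not part of the thread and is not BruteForceBlocker's code. The function names, the sample log lines and the assumed log year are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at end of line: the user name is remote-controlled text and may
# itself contain " from <addr> port N ssh2", so only the final sshd suffix counts.
FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:illegal|invalid) user )?.* from (\S+) port \d+ ssh2$")

def find_offenders(lines, threshold=5, window=timedelta(minutes=1), year=2006):
    """Addresses with `threshold` failures inside `window`, in detection order."""
    recent, offenders = defaultdict(deque), []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:  # never hand an unvalidated token to the firewall
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue
        # syslog timestamps carry no year; `year` is an assumption of this example
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:   # drop failures older than the window
            hits.popleft()
        if len(hits) >= threshold and ip not in offenders:
            offenders.append(ip)
    return offenders

def ipfw_rule(ip):
    """argv for the deny rule; returned as a list so no shell parses the address."""
    return ["ipfw", "-q", "add", "deny", "ip", "from", ip, "to", "any"]

# Constructed sample: one slow client, one fast client, one spoofing user name.
SPOOF = ("Jan 22 11:30:00 zeus sshd[93100]: Failed password for illegal user "
         "a from 192.0.2.1 port 1 ssh2 from 203.0.113.7 port 40100 ssh2")
SAMPLE = (
    [f"Jan 22 11:{10 + 2 * i}:00 zeus sshd[9280{i}]: Failed password for root "
     f"from 198.51.100.9 port 4000{i} ssh2" for i in range(5)]
    + [f"Jan 22 11:21:{50 + i} zeus sshd[9290{i}]: Failed password for illegal "
       f"user test{i} from 203.0.113.7 port 5834{i} ssh2" for i in range(5)]
    + [SPOOF])

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE):
        print(" ".join(ipfw_rule(ip)))
```

Only the fast client crosses the threshold; the client that fails once every two minutes does not, and the address embedded in the user name is never the one blocked.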