Auto blacklist ssh connections ...
freebsdemail at gmail.com
freebsdemail at gmail.com
Wed Sep 17 23:19:44 UTC 2008
Grock and swatch are two that are pretty flexible and would do what you want. They are both in ports.
Sent from my BlackBerry device on the Rogers Wireless Network
-----Original Message-----
From: "Marc G. Fournier" <scrappy at hub.org>
Date: Wed, 17 Sep 2008 20:15:45
To: <freebsd-questions at freebsd.org>
Subject: Auto blacklist ssh connections ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Does anyone know of a utility that I can use with sshd to auto-block by IP if
there are more then N failed attempts in a row?
ie:
# grep "Invalid user" /var/log/auth.log| awk '{print $10}' | sort | uniq -c |
sort -nr
5268 140.113.210.174
4863 72.52.225.116
3586 116.14.255.141
2918 193.205.186.67
2033 219.76.75.6
1308 216.14.127.67
1059 61.72.106.71
983 93.123.14.9
691 202.75.221.197
649 59.77.33.139
381 201.80.15.207
269 190.10.255.73
212 81.252.254.189
181 123.151.32.12
150 211.21.47.50
139 196.219.63.3
128 200.111.64.171
This is for one day ... I'd like to be able to throttle so that after X Invalid
user attempts, the IP gets blocked ...
Possible?
- --
Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org)
Email . scrappy at hub.org MSN . scrappy at hub.org
Yahoo . yscrappy Skype: hub.org ICQ . 7615664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
iEYEARECAAYFAkjRj6EACgkQ4QvfyHIvDvOsYQCgyaB3MhvHJk9qShRlovwSAXxx
3oQAn2NQ8zLFVO82Udp+mZaojwbfoKmw
=SuAI
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list