Auto blacklist ssh connections ...
Tom Marchand
m0rchand at comcast.net
Wed Sep 17 23:36:06 UTC 2008
Why don't you have sshd listen on a different port? I was getting
1000's of ssh login attempts until I changed the port sshd was
listening on. I've found script kiddies aren't smart enough to check
alt ports.
On Sep 17, 2008, at 7:15 PM, Marc G. Fournier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Does anyone know of a utility that I can use with sshd to auto-block
> by IP if
> there are more then N failed attempts in a row?
>
> ie:
>
> # grep "Invalid user" /var/log/auth.log| awk '{print $10}' | sort |
> uniq -c |
> sort -nr
> 5268 140.113.210.174
>
> 4863 72.52.225.116
>
> 3586 116.14.255.141
>
> 2918 193.205.186.67
>
> 2033 219.76.75.6
>
> 1308 216.14.127.67
>
> 1059 61.72.106.71
>
> 983 93.123.14.9
>
> 691 202.75.221.197
>
> 649 59.77.33.139
>
> 381 201.80.15.207
>
> 269 190.10.255.73
>
> 212 81.252.254.189
>
> 181 123.151.32.12
>
> 150 211.21.47.50
>
> 139 196.219.63.3
>
> 128 200.111.64.171
>
>
>
> This is for one day ... I'd like to be able to throttle so that
> after X Invalid
> user attempts, the IP gets blocked ...
>
> Possible?
>
> - --
> Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org
> )
> Email . scrappy at hub.org MSN . scrappy at hub.org
> Yahoo . yscrappy Skype: hub.org ICQ . 7615664
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.9 (FreeBSD)
>
> iEYEARECAAYFAkjRj6EACgkQ4QvfyHIvDvOsYQCgyaB3MhvHJk9qShRlovwSAXxx
> 3oQAn2NQ8zLFVO82Udp+mZaojwbfoKmw
> =SuAI
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org
> "
More information about the freebsd-questions
mailing list