system is under attack (what can I do more?)
repcsike at gmail.com
Fri Jun 18 12:31:12 UTC 2010
1, maybe the line with the rule is in a bad place in the conf, but even if
it's working it's possible that it wont be triggered. As far as I can see
there are 30 sec interval pauses between attacks from one host. Your rule is
looking for connections in 30 sec ranges.
2,You should use a program that monitors the logs, and then passes the ips
after 3 unsuccessful logins to the bruteforce table.
See bruteforceblocker, but there are a bunch of other programs for this.
More information about the freebsd-questions