From: Enrique Ayesta Perojo
To: Daniel Gerzo
Cc: questions@freebsd.org
Date: Fri, 7 Oct 2005 10:12:34 +0200
Subject: Re: bruteforceblocker + PF

On Thursday 06 October 2005 22:18, Daniel Gerzo wrote:
> Hi questions, Enrique Ayesta Perojo,
>
> It seems like bruteforceblocker is running, since you can see
> messages in your auth.log. This is good. Could you please provide
> me info, which version of openssh are you using, so I can debug? I
> have some reports that my bruteforceblocker does not work with
> older versions of openssh, since it uses a little bit different
> format of warnings, so my regexps do not apply. Also, please send
> here the format of those messages.
>
> Thank you.

This is the version:

OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e 25 Oct 2004

It's a FreeBSD 5.4-p7 box, and here are some of the messages
at /var/log/auth.log:

Oct 6 18:29:26 fatboy sshd[28472]: Illegal user jack from 63.67.26.114
Oct 6 18:29:26 fatboy sshd[28472]: reverse mapping checking getaddrinfo for host114.nokia-boston.com failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 18:53:33 fatboy sshd[20731]: Illegal user pepito from 10.200.62.201
Oct 5 18:53:33 fatboy sshd[20731]: Failed unknown for illegal user pepito from 10.200.62.201 port 44241 ssh2

Thanks again
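The format mismatch discussed in this thread, as an added example that is not part of the original message and is not bruteforceblocker's own code: a parser that counts failed SSH connections per source address and accepts both the "Illegal user" wording shown in the log lines above and the "Invalid user" wording of later OpenSSH releases. It goes slightly beyond the thread by counting one failure per sshd process and by taking the address from the end of the line; the patterns, function names and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed patterns, not bruteforceblocker's regexps. OpenSSH 3.8.1p1 logs
# "Illegal user"; later releases log "Invalid user". The user name is
# remote-supplied text, so each pattern is anchored at the end of the line
# and the address is taken from the final "from <ip>".
_IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
_HEAD = r"sshd\[(?P<pid>\d+)\]: "
PATTERNS = (
    re.compile(_HEAD + r"(?:Illegal|Invalid) user (?P<user>.*) from " + _IP + r"\s*$"),
    re.compile(_HEAD + r"Failed \S+ for (?:(?:illegal|invalid) user )?(?P<user>.*)"
               r" from " + _IP + r" port \d+(?: ssh\d*)?\s*$"),
)


def failed_connections(lines):
    """Map source address -> number of sshd processes that logged a failure."""
    pids = defaultdict(set)
    for line in lines:
        for pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                pids[m.group("ip")].add(m.group("pid"))
                break
    return {ip: len(p) for ip, p in pids.items()}


def over_threshold(lines, limit=3):
    """Addresses with at least `limit` failed connections (limit is assumed)."""
    return sorted(ip for ip, n in failed_connections(lines).items() if n >= limit)


# Constructed sample in both log formats (documentation address ranges).
SAMPLE = [
    "Oct  6 18:29:26 host sshd[101]: Illegal user jack from 192.0.2.10",
    "Oct  6 18:29:26 host sshd[101]: Failed unknown for illegal user jack from 192.0.2.10 port 44241 ssh2",
    "Oct  6 18:29:30 host sshd[102]: Illegal user pepito from 192.0.2.10",
    "Oct  6 18:29:34 host sshd[103]: Failed password for root from 192.0.2.10 port 44250 ssh2",
    "Oct  6 18:30:01 host sshd[201]: Invalid user admin from 198.51.100.7",
    "Oct  6 18:30:02 host sshd[201]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2",
    "Oct  6 18:30:05 host sshd[202]: Illegal user x from 203.0.113.9 from 198.51.100.7",
    "Oct  6 18:31:00 host sshd[300]: Accepted password for alice from 203.0.113.5 port 50022 ssh2",
]

if __name__ == "__main__":
    print(failed_connections(SAMPLE))
    print(over_threshold(SAMPLE))
```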