From owner-freebsd-isp@FreeBSD.ORG Mon Jul 18 09:53:04 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2E4F316A41C for ; Mon, 18 Jul 2005 09:53:04 +0000 (GMT) (envelope-from gamesomedude@yahoo.com) Received: from web33913.mail.mud.yahoo.com (web33913.mail.mud.yahoo.com [66.163.178.77]) by mx1.FreeBSD.org (Postfix) with SMTP id CEAAC43D46 for ; Mon, 18 Jul 2005 09:53:03 +0000 (GMT) (envelope-from gamesomedude@yahoo.com) Received: (qmail 20648 invoked by uid 60001); 18 Jul 2005 09:53:03 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=gPEgaaG5VS6y0sY/y5psLXAIUaaVO2CZsW+ENzm1lDLny7nBv9mkexFhSZIrL8xzDjbOWrxoQs1t3i75ZVQLhm1pRUrNOp+wpnxehoz8+kv3jQuhcNqLEsKFFzTHvkJrL2py4DaY/nwaD3sfKx4P15IQ8IYnGFxtBEezxY5yktw= ; Message-ID: <20050718095303.20646.qmail@web33913.mail.mud.yahoo.com> Received: from [66.163.130.57] by web33913.mail.mud.yahoo.com via HTTP; Mon, 18 Jul 2005 02:53:03 PDT Date: Mon, 18 Jul 2005 02:53:03 -0700 (PDT) From: Tannis McLaine To: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Seeking Mail Server Suggestions X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jul 2005 09:53:04 -0000 I'm not new to FreeBSD or Apache, but I am new to the world of email serving. Some of my friends and classmates have a server for hosting our project websites on several domains, but we don't currently host our own email. (Sendmail scared us!!) We have been doing some research into the topic and have found lots of information on specific areas, but no good general discussion. Because of this, I ask you for your experienced advice. What do you recommend we look into for running our own complete mail system? Our current setup is explained below, as are our goals for email. We don't see instructions, just some advice and pointers, such as which daemons/packages to user and which to avoid. Currently: * FreeBSD 5.4 on 933 MHz Pentium3, 768 MB RAM * Apache * ~12 user accounts, ~6 groups * Perl scripts to handle adding/deleting users and maintaining web space for projects and for users. * No databases, just perl scripts and flat files. Email Goals: * Incoming (via Postfix?) * Outgoing (via Postfix and POP-before-SMTP or other authentication?) * IMAP and POP3 (Courier?) * Webmail (OpenWebMail or maybe SquirrelMail) * Spam filtering (via SpamAssassin?) One other additional goal is to maybe implement some sort of user database to help maintain the server (or a cluster of servers) as our needs grow. Maybe something with OpenLDAP or MySQL. It might be handy to have various flags/settings for each user account, to enable or disable "features" like "SSH Shell Access" or to adjust quotas for each user from a central location. We don't want or need anything overly complex or pre-fab, but it would be nice to automate and organize some of this information and these tasks. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From owner-freebsd-isp@FreeBSD.ORG Mon Jul 18 10:20:58 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B318D16A41F for ; Mon, 18 Jul 2005 10:20:58 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id E3F1F43D49 for ; Mon, 18 Jul 2005 10:20:57 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from 217-13-2-82.dd.nextgentel.com ([217.13.2.82] helo=h311r4z3r) by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256) (YazzY.org) id 1DuSju-0006x0-6N; Mon, 18 Jul 2005 12:20:47 +0200 Date: Mon, 18 Jul 2005 12:20:57 +0200 From: Marcin Jessa To: Tannis McLaine Message-Id: <20050718122057.6375e3ab.lists@yazzy.org> In-Reply-To: <20050718095303.20646.qmail@web33913.mail.mud.yahoo.com> References: <20050718095303.20646.qmail@web33913.mail.mud.yahoo.com> Organization: YazzY.org X-Mailer: Sylpheed version 1.9.12 (GTK+ 2.6.8; i386-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -2.5 (--) Cc: freebsd-isp@freebsd.org Subject: Re: Seeking Mail Server Suggestions X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jul 2005 10:20:58 -0000 On Mon, 18 Jul 2005 02:53:03 -0700 (PDT) Tannis McLaine wrote: > I'm not new to FreeBSD or Apache, but I am new to the > world of email serving. Some of my friends and > classmates have a server for hosting our project > websites on several domains, but we don't currently > host our own email. (Sendmail scared us!!) We have > been doing some research into the topic and have found > lots of information on specific areas, but no good > general discussion. Because of this, I ask you for > your experienced advice. What do you recommend we look > into for running our own complete mail system? Our > current setup is explained below, as are our goals for > email. We don't see instructions, just some advice and > pointers, such as which daemons/packages to user and > which to avoid. > > Currently: > * FreeBSD 5.4 on 933 MHz Pentium3, 768 MB RAM > * Apache > * ~12 user accounts, ~6 groups > * Perl scripts to handle adding/deleting users and > maintaining web space for projects and for users. > * No databases, just perl scripts and flat files. > > Email Goals: > * Incoming (via Postfix?) > * Outgoing (via Postfix and POP-before-SMTP or other > authentication?) > * IMAP and POP3 (Courier?) > * Webmail (OpenWebMail or maybe SquirrelMail) > * Spam filtering (via SpamAssassin?) > One other additional goal is to maybe implement some > sort of user database to help maintain the server (or > a cluster of servers) as our needs grow. Maybe > something with OpenLDAP or MySQL. It might be handy to > have various flags/settings for each user account, to > enable or disable "features" like "SSH Shell Access" > or to adjust quotas for each user from a central > location. We don't want or need anything overly > complex or pre-fab, but it would be nice to automate > and organize some of this information and these tasks. Check out http://high5.net/postfixadmin/ There are also commercial solutions, but I assume you don't want that. Cheers, Marcin Jessa From owner-freebsd-isp@FreeBSD.ORG Mon Jul 18 12:09:32 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D52216A41C for ; Mon, 18 Jul 2005 12:09:32 +0000 (GMT) (envelope-from michael@staff.openaccess.org) Received: from smtp.openaccess.org (smtp.openaccess.org [66.165.52.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC3AF43D45 for ; Mon, 18 Jul 2005 12:09:31 +0000 (GMT) (envelope-from michael@staff.openaccess.org) Received: from [216.57.214.90] (unknown [216.57.214.90]) by smtp.openaccess.org (Postfix) with ESMTP id 942A76D4335; Mon, 18 Jul 2005 05:08:41 -0700 (PDT) In-Reply-To: <20050718095303.20646.qmail@web33913.mail.mud.yahoo.com> References: <20050718095303.20646.qmail@web33913.mail.mud.yahoo.com> Mime-Version: 1.0 (Apple Message framework v622) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <9f3229bc06d0d5e39810005ec9bd3ea6@staff.openaccess.org> Content-Transfer-Encoding: 7bit From: Michael DeMan Date: Mon, 18 Jul 2005 05:09:29 -0700 To: Tannis McLaine X-Mailer: Apple Mail (2.622) Cc: freebsd-isp@freebsd.org Subject: Re: Seeking Mail Server Suggestions X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jul 2005 12:09:32 -0000 Hi, We run qpopper, uw-imap and squirrelmail (to provide a web-ui). Technically speaking, this is supposedly not the ideal setup but it works great for a couple thousand e-mail accounts. I have heard that Courier Cyrus is far better. One nice thing, qpopper has a 'uw-imap hack' option. UW-imap puts a special mail entry at the beginning of the MBOX that has something do with managing its mail and with this option, qpopper is smart enough to ignore it. We also use postfix for SMTP. We converted from sendmail about a year and a half ago and I would highly recommend it. The configuration files, once you get familiar with them, are far easier to handle than sendmail. If you want spam filtering, there is a nice open source project that if you know a little HTML you can make the web-ui look prettier. Its very complicated to setup but again seems to make our residential customers happy - www.renaissoft.com/maia/. I would highly recommend simply getting SpamAssassin working first, then worrying about configuring Maia if you want. For your user home folders, have your add-user script create a subdirectory www and mail in each home folder. Modify apache to go to ~/www for user accounts and your FTP server. Have uw-imap/squirrelmail utilize ~/mail. That way your customer mails for IMAP are stored in their home directories but they never see it. Again, I'm not saying this is the best setup, but it has worked well for us over the years. As far as account management goes, we have custom software on the back end that we have built up over the years that provides tight integration with our automated billing systems. For starting from scratch, you might be able to find something on the internet, or just start crafting your own shell/perl scripts, and once you have them fine tuned, slap a web-ui on the front of them. You may want to consider writing these scripts in PHP instead since then you can probably bolt the web-ui in front of it more quickly. Michael F. DeMan Director of Technology OpenAccess Network Services Bellingham, WA 98225 michael@staff.openaccess.org 360-647-0785 On Jul 18, 2005, at 2:53 AM, Tannis McLaine wrote: > I'm not new to FreeBSD or Apache, but I am new to the > world of email serving. Some of my friends and > classmates have a server for hosting our project > websites on several domains, but we don't currently > host our own email. (Sendmail scared us!!) We have > been doing some research into the topic and have found > lots of information on specific areas, but no good > general discussion. Because of this, I ask you for > your experienced advice. What do you recommend we look > into for running our own complete mail system? Our > current setup is explained below, as are our goals for > email. We don't see instructions, just some advice and > pointers, such as which daemons/packages to user and > which to avoid. > > Currently: > * FreeBSD 5.4 on 933 MHz Pentium3, 768 MB RAM > * Apache > * ~12 user accounts, ~6 groups > * Perl scripts to handle adding/deleting users and > maintaining web space for projects and for users. > * No databases, just perl scripts and flat files. > > Email Goals: > * Incoming (via Postfix?) > * Outgoing (via Postfix and POP-before-SMTP or other > authentication?) > * IMAP and POP3 (Courier?) > * Webmail (OpenWebMail or maybe SquirrelMail) > * Spam filtering (via SpamAssassin?) > > One other additional goal is to maybe implement some > sort of user database to help maintain the server (or > a cluster of servers) as our needs grow. Maybe > something with OpenLDAP or MySQL. It might be handy to > have various flags/settings for each user account, to > enable or disable "features" like "SSH Shell Access" > or to adjust quotas for each user from a central > location. We don't want or need anything overly > complex or pre-fab, but it would be nice to automate > and organize some of this information and these tasks. > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Tue Jul 19 08:03:34 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE10316A41C for ; Tue, 19 Jul 2005 08:03:34 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6574543D45 for ; Tue, 19 Jul 2005 08:03:34 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from 217-13-2-82.dd.nextgentel.com ([217.13.2.82] helo=h311r4z3r) by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256) (YazzY.org) id 1Dun4T-0001xC-Fv for freebsd-isp@freebsd.org; Tue, 19 Jul 2005 10:03:22 +0200 Date: Tue, 19 Jul 2005 10:03:30 +0200 From: Marcin Jessa To: FreeBSD-ISP Message-Id: <20050719100330.26489452.lists@yazzy.org> Organization: YazzY.org X-Mailer: Sylpheed version 1.9.12 (GTK+ 2.6.8; i386-portbld-freebsd6.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -2.5 (--) Subject: WISP management system X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2005 08:03:34 -0000 Hi guys. I wonder if you use or know of a network management system which would be ideal for wireless ISP. It needs to have an userfriendly way to create rddtool graphs over access points, routers, customers's gear and local smtp/radius/http services, like Cacti. It needs to have a per user sorting of graphs. Each of the users should have access only to hers own network nodes. It needs a way to create a map over links/nodes/locations. It should be able to show status of every device (up, down, slow response time, etc). Cheers, Marcin Jessa From owner-freebsd-isp@FreeBSD.ORG Mon Jul 18 15:48:04 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6EBEC16A41C for ; Mon, 18 Jul 2005 15:48:04 +0000 (GMT) (envelope-from skemokai@ora.fda.gov) Received: from walltiger-pub.fda.gov (walltiger-pub.fda.gov [150.148.0.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6A2443D5E for ; Mon, 18 Jul 2005 15:48:02 +0000 (GMT) (envelope-from skemokai@ora.fda.gov) Received: from orshq08a.fda.gov by walltiger-pub.fda.gov via smtpd (for mx1.freebsd.org [216.136.204.125]) with ESMTP; Mon, 18 Jul 2005 11:48:02 -0400 Received: by orshq08a.fda.gov with Internet Mail Service (5.5.2657.72) id ; Mon, 18 Jul 2005 11:48:01 -0400 Message-ID: <173F24598317CF41A77A4715C41016250BD222@orwmcrphido07.fda.gov> From: "Kemokai, Saffa" To: "'freebsd-isp@freebsd.org'" , "'freebsd-questions@freebsd.org.'" Date: Mon, 18 Jul 2005 11:47:49 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) X-Mailman-Approved-At: Tue, 19 Jul 2005 13:15:02 +0000 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: "'norwoh@sulima.com'" Subject: Hardware issue X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jul 2005 15:48:04 -0000 There used to be a list for FreeBSD hardware vendors. I bought a U-Server with Intel Celeron CPU recently from eRacks.com that turns out to be extremely noisy. I am planning on returning it but if I can find where I can get quiet hit-sink fan for it, I might retain it instead of wasting money and time sending it back-n-forth. This is my second purchase from this group but I don't think there will be a third one! Please reply to norwoh@sulima.com Thanks, Saffa Kemokai, MCP, MCSA, MCSE (W2K) Tel. (215) 597-4390 X4107 <===============================> Information Technology Specialist Food & Drug Administration Philadelphia Regional Office From owner-freebsd-isp@FreeBSD.ORG Tue Jul 19 16:27:52 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BC4016A41F for ; Tue, 19 Jul 2005 16:27:52 +0000 (GMT) (envelope-from troy@psknet.com) Received: from psknet.com (kennedy.psknet.com [63.171.251.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF27E43D46 for ; Tue, 19 Jul 2005 16:27:51 +0000 (GMT) (envelope-from troy@psknet.com) Received: from dilbert.psknet.com ([63.171.251.35]) by psknet.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43 (FreeBSD)) id 1Duuwg-000DKJ-Nv for freebsd-isp@freebsd.org; Tue, 19 Jul 2005 12:27:51 -0400 Message-ID: <42DD2A06.8090106@psknet.com> Date: Tue, 19 Jul 2005 12:27:50 -0400 From: Troy Settle User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: I'm stupid X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2005 16:27:52 -0000 Ok, I'm stupid... I pulled some old servers out of service, one of which is a 2.8Ghz P4 w/HTT that I was going to turn into a web server. So, I called up one of my favorite vendors and asked them for a 4 disk SATA RAID solution. They came up with a really slick sounding setup: 3Ware 9000-something (listed as supported under 5.x) 4x 80GB/8MB SATA Drives Rhino (or something) hot-swap SATA cage... It all arrived today, and to my suprise, the 3ware card is a @#$@# 64bit PCI card... not going to work in /any/ of the recycled servers I'm wanting to build. I mean, come on... if I was going to invest in a high-end server board with 64bit PCI slots, I wouldn't waste my time with SATA, it'd be U320 all the way. Of course, I could have just used an old AMI Megaraid 266 controller w/U2W drives, but not ONE of my P4 boards will even boot with the thing... Anyone have any reccomendations on a reliable, 32-bit PCI, 4-port SATA raid(5) controller for FreeBSD 5.x? Thanks, -- Troy Settle Pulaski Networks 866.477.5638 http://www.psknet.com From owner-freebsd-isp@FreeBSD.ORG Tue Jul 19 16:45:15 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1A9716A41F for ; Tue, 19 Jul 2005 16:45:15 +0000 (GMT) (envelope-from jnh@illithid.aug.com) Received: from illithid.aug.com (illithid.aug.com [68.208.140.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9BBDC43D49 for ; Tue, 19 Jul 2005 16:45:15 +0000 (GMT) (envelope-from jnh@illithid.aug.com) Received: by illithid.aug.com (Postfix, from userid 1000) id 716051B319; Tue, 19 Jul 2005 12:45:14 -0400 (EDT) Date: Tue, 19 Jul 2005 12:45:14 -0400 From: Jordan Hazen To: Troy Settle Message-ID: <20050719164514.GA25118@aug.com> References: <42DD2A06.8090106@psknet.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42DD2A06.8090106@psknet.com> User-Agent: Mutt/1.5.6i Cc: freebsd-isp@freebsd.org Subject: Re: I'm stupid X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2005 16:45:16 -0000 On Tue, Jul 19, 2005 at 12:27:50PM -0400, Troy Settle wrote: > > Ok, I'm stupid... > > I pulled some old servers out of service, one of which is a 2.8Ghz P4 > w/HTT that I was going to turn into a web server. So, I called up one > of my favorite vendors and asked them for a 4 disk SATA RAID solution. > They came up with a really slick sounding setup: > > 3Ware 9000-something (listed as supported under 5.x) > 4x 80GB/8MB SATA Drives > Rhino (or something) hot-swap SATA cage... > > It all arrived today, and to my suprise, the 3ware card is a @#$@# 64bit > PCI card... not going to work in /any/ of the recycled servers I'm > wanting to build. I mean, come on... if I was going to invest in a > high-end server board with 64bit PCI slots, I wouldn't waste my time > with SATA, it'd be U320 all the way. Have you tried inserting that in a normal PCI slot, and just letting its 64-bit extension part hang off the edge? Most such cards I've encountered (e.g. Adaptec & DPT RAID & SCSI controllers) will fall back to 32-bit mode as needed. The 3.3V vs. 5V slot difference smight still give you trouble. Some cards will accept either voltage. Those that can't will be keyed to prevent insertion in the wrong type of slot, so if it will physically fit, there should be no harm in trying. -- Jordan. From owner-freebsd-isp@FreeBSD.ORG Tue Jul 19 17:47:58 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A0EE16A41F for ; Tue, 19 Jul 2005 17:47:58 +0000 (GMT) (envelope-from cbuechler@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id 04A1243D46 for ; Tue, 19 Jul 2005 17:47:55 +0000 (GMT) (envelope-from cbuechler@gmail.com) Received: by wproxy.gmail.com with SMTP id i13so1272358wra for ; Tue, 19 Jul 2005 10:47:54 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=IAf7mUyIryyOpLn15nFBu+lWffaNs6CQ7Qw+2owZwQ7pGljpr0yUrka59+T8YS8B4iYZVkRbdPmuGjI4RONZyX9oD6GVc7lrv7TiJavqdsDt6hce+5JpoKzh2fCJsIUvLpdouOi/vmQskZ3JBFuKvNHtEWxTjwo5/vYqAYsQHbE= Received: by 10.54.157.14 with SMTP id f14mr826518wre; Tue, 19 Jul 2005 10:47:13 -0700 (PDT) Received: by 10.54.80.17 with HTTP; Tue, 19 Jul 2005 10:47:13 -0700 (PDT) Message-ID: Date: Tue, 19 Jul 2005 13:47:13 -0400 From: Chris Buechler To: Troy Settle In-Reply-To: <42DD2A06.8090106@psknet.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <42DD2A06.8090106@psknet.com> Cc: freebsd-isp@freebsd.org Subject: Re: I'm stupid X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Chris Buechler List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2005 17:47:58 -0000 On 7/19/05, Troy Settle wrote: >=20 > Ok, I'm stupid... >=20 > I pulled some old servers out of service, one of which is a 2.8Ghz P4 > w/HTT that I was going to turn into a web server. So, I called up one > of my favorite vendors and asked them for a 4 disk SATA RAID solution. > They came up with a really slick sounding setup: >=20 > 3Ware 9000-something (listed as supported under 5.x) > 4x 80GB/8MB SATA Drives > Rhino (or something) hot-swap SATA cage... >=20 > It all arrived today, and to my suprise, the 3ware card is a @#$@# 64bit > PCI card... =20 I run a 64 bit PCI 3ware 8 port IDE RAID card in a 32 bit PCI slot on an old dual P3 500 SuperMicro motherboard. Works fine. As the last poster suggested, this will probably work fine in a 32 bit slot. Granted you're probably not going to get the full throughput in a 32 bit slot especially if there's anything else on the PCI bus. But if you cared that much about I/O, you'd likely go SCSI anyway. -Chris From owner-freebsd-isp@FreeBSD.ORG Tue Jul 19 17:49:52 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 77CB916A41F for ; Tue, 19 Jul 2005 17:49:52 +0000 (GMT) (envelope-from simon@optinet.com) Received: from cobra.acceleratedweb.net (cobra-gw.acceleratedweb.net [207.99.79.37]) by mx1.FreeBSD.org (Postfix) with SMTP id 107AA43D45 for ; Tue, 19 Jul 2005 17:49:51 +0000 (GMT) (envelope-from simon@optinet.com) Received: (qmail 30327 invoked by uid 110); 19 Jul 2005 17:49:50 -0000 Received: from ool-18ba9d5e.dyn.optonline.net (HELO win2kpc1) (simon%optinet.com@24.186.157.94) by cobra.acceleratedweb.net with SMTP; 19 Jul 2005 17:49:50 -0000 From: "Simon" To: "freebsd-isp@freebsd.org" , "Troy Settle" Date: Tue, 19 Jul 2005 13:49:52 -0400 Priority: Normal X-Mailer: PMMail 2000 Professional (2.20.2661) For Windows 2000 (5.0.2195;4) In-Reply-To: <42DD2A06.8090106@psknet.com> MIME-Version: 1.0 Message-Id: <20050719174951.107AA43D45@mx1.FreeBSD.org> Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: I'm stupid X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2005 17:49:53 -0000 I would check the manual (don't just try it, you might burn it) to see if the card is backward compatible, a lot are. -Simon On Tue, 19 Jul 2005 12:27:50 -0400, Troy Settle wrote: > >Ok, I'm stupid... > >I pulled some old servers out of service, one of which is a 2.8Ghz P4 >w/HTT that I was going to turn into a web server. So, I called up one >of my favorite vendors and asked them for a 4 disk SATA RAID solution. >They came up with a really slick sounding setup: > > 3Ware 9000-something (listed as supported under 5.x) > 4x 80GB/8MB SATA Drives > Rhino (or something) hot-swap SATA cage... > >It all arrived today, and to my suprise, the 3ware card is a @#$@# 64bit >PCI card... not going to work in /any/ of the recycled servers I'm >wanting to build. I mean, come on... if I was going to invest in a >high-end server board with 64bit PCI slots, I wouldn't waste my time >with SATA, it'd be U320 all the way. > >Of course, I could have just used an old AMI Megaraid 266 controller >w/U2W drives, but not ONE of my P4 boards will even boot with the thing... > >Anyone have any reccomendations on a reliable, 32-bit PCI, 4-port SATA >raid(5) controller for FreeBSD 5.x? > > >Thanks, > >-- > Troy Settle > Pulaski Networks > 866.477.5638 > http://www.psknet.com >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Tue Jul 19 19:12:55 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B3DA616A41F for ; Tue, 19 Jul 2005 19:12:55 +0000 (GMT) (envelope-from todor.dragnev@gmail.com) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.197]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5130C43D45 for ; Tue, 19 Jul 2005 19:12:55 +0000 (GMT) (envelope-from todor.dragnev@gmail.com) Received: by rproxy.gmail.com with SMTP id c51so843953rne for ; Tue, 19 Jul 2005 12:12:54 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=TnGFPLAPeJFzoFoAirWCMPdrbMex8BaheYob0vBv67EoMiAtfLRSn0nMDSvDrytuuqiqUhVFOKgaSO66Uf4FvkVChds4QSzi6gIYrZFWhhif3zyjvjDG0lvscGsBEt4/z2a7plvy/Dqq5v/iuDkqGLYc4g5FEFqs3r66lqOGfc8= Received: by 10.39.2.68 with SMTP id e68mr1418214rni; Tue, 19 Jul 2005 12:12:52 -0700 (PDT) Received: by 10.38.208.32 with HTTP; Tue, 19 Jul 2005 12:12:52 -0700 (PDT) Message-ID: Date: Tue, 19 Jul 2005 22:12:52 +0300 From: Todor Dragnev To: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Subject: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Todor Dragnev List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2005 19:12:55 -0000 Hello,=20 This email may be is not for this mailing list, but with this problem more and more ISP have troubles. I want to block ssh dictionary attack with freebsd. I found nice solution with iptables for linux: iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK FIN,ACK --dport 22 -m recent --name sshattack --set iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST --dport 22 -m recent --name sshattack --set iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: ' iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j DROP Is it posible to make in this way with ipfw, ipf or pf on freebsd ? Regards, Todor Dragnev --=20 There are no answers, only cross references From owner-freebsd-isp@FreeBSD.ORG Wed Jul 20 09:32:37 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC72316A41F for ; Wed, 20 Jul 2005 09:32:37 +0000 (GMT) (envelope-from buki@dev.null.cz) Received: from dev.null.cz (dev.null.cz [193.85.228.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5190243D48 for ; Wed, 20 Jul 2005 09:32:36 +0000 (GMT) (envelope-from buki@dev.null.cz) Received: from dev.null.cz (localhost [127.0.0.1]) by dev.null.cz (8.13.1/8.13.1) with ESMTP id j6K9WYva040935 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 20 Jul 2005 11:32:34 +0200 (CEST) (envelope-from buki@dev.null.cz) Received: (from buki@localhost) by dev.null.cz (8.13.1/8.13.1/Submit) id j6K9WYSq040934; Wed, 20 Jul 2005 11:32:34 +0200 (CEST) (envelope-from buki) Date: Wed, 20 Jul 2005 11:32:34 +0200 From: Buki To: Todor Dragnev Message-ID: <20050720093234.GX12896@dev.null.cz> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.9i X-Virus-Scanned: ClamAV 0.86.1/984/Tue Jul 19 11:16:09 2005 on dev.null.cz X-Virus-Status: Clean Cc: freebsd-isp@freebsd.org Subject: Re: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jul 2005 09:32:38 -0000 On Tue, Jul 19, 2005 at 10:12:52PM +0300, Todor Dragnev wrote: > Hello, Hi, > This email may be is not for this mailing list, but with this problem > more and more ISP have troubles. I want to block ssh dictionary attack > with freebsd. I found nice solution with iptables for linux: > > iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK > FIN,ACK --dport 22 -m recent --name sshattack --set > > iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST > --dport 22 -m recent --name sshattack --set > > iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 > --hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: ' > > iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 > --hitcount 4 -j DROP > > Is it posible to make in this way with ipfw, ipf or pf on freebsd ? what about MaxStartups option in sshd_config? > > Regards, > Todor Dragnev > -- > There are no answers, only cross references > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" Buki -- PGP public key: http://dev.null.cz/buki.asc /"\ \ / ASCII Ribbon Campaign X Against HTML & Outlook Mail / \ http://www.thebackrow.net From owner-freebsd-isp@FreeBSD.ORG Wed Jul 20 16:27:48 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B337A16A423 for ; Wed, 20 Jul 2005 16:27:48 +0000 (GMT) (envelope-from drew@mykitchentable.net) Received: from relay01.roc.ny.frontiernet.net (relay01.roc.ny.frontiernet.net [66.133.182.164]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B8EC43D58 for ; Wed, 20 Jul 2005 16:27:47 +0000 (GMT) (envelope-from drew@mykitchentable.net) Received: from filter08.roc.ny.frontiernet.net (filter08.roc.ny.frontiernet.net [66.133.183.75]) by relay01.roc.ny.frontiernet.net (Postfix) with ESMTP id 8CF1136421A for ; Wed, 20 Jul 2005 16:27:47 +0000 (UTC) Received: from relay01.roc.ny.frontiernet.net ([66.133.182.164]) by filter08.roc.ny.frontiernet.net (filter08.roc.ny.frontiernet.net [66.133.183.75]) (amavisd-new, port 10024) with LMTP id 17817-03-46 for ; Wed, 20 Jul 2005 16:27:47 +0000 (UTC) Received: from blacklamb.mykitchentable.net (67-51-142-23.dsl1.elk.ca.frontiernet.net [67.51.142.23]) by relay01.roc.ny.frontiernet.net (Postfix) with ESMTP id 1AC3F364291 for ; Wed, 20 Jul 2005 16:27:46 +0000 (UTC) Received: from [165.107.42.217] (unknown [165.107.42.217]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by blacklamb.mykitchentable.net (Postfix) with ESMTP id 103201C6BB7 for ; Wed, 20 Jul 2005 09:27:44 -0700 (PDT) Message-ID: <42DE7B30.7060403@mykitchentable.net> Date: Wed, 20 Jul 2005 09:26:24 -0700 From: Drew Tomlinson User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: FreeBSD ISP Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new-2.2.1 (20041222) at filter08.roc.ny.frontiernet.net Subject: Frontpage Extensions on 5.4 - Anyone Gotten It To Work? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jul 2005 16:27:48 -0000 Has anyone been able to get Frontpage Extensions working with Apache 2.0.54 on 5.4-RELEASE-p4? I had it working on 4.11 but have been beating my head against the wall for the past two weeks on 5.4. When I run the /usr/local/frontpage/version5.0/fp_install.sh script, it fails when the script calls owsadm.exe to create the root web. owsadm.exe core dumps with a "Bad system call". I've done a complete removal of Apache2, Frontpage, and mod_frontpage2-rtr. Then I've rebuilt but continue to get core dumps when owsadm.exe runs in the fp_install.sh script. Is there any hope? Even if you don't know what the problem might be, a simple "I did it with no problem" will at least encourage me to keep trying. Thanks, Drew -- Visit The Alchemist's Warehouse Magic Tricks, DVDs, Videos, Books, & More! http://www.alchemistswarehouse.com From owner-freebsd-isp@FreeBSD.ORG Wed Jul 20 17:36:35 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CAE1516A41F for ; Wed, 20 Jul 2005 17:36:35 +0000 (GMT) (envelope-from bob@buckhorn.net) Received: from whitehall.lin-tech.net (whitehall.lin-tech.net [66.118.35.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8883343D48 for ; Wed, 20 Jul 2005 17:36:35 +0000 (GMT) (envelope-from bob@buckhorn.net) Received: from [192.168.1.125] (unknown [64.8.96.140]) by whitehall.lin-tech.net (Postfix) with ESMTP id 34A242500D; Wed, 20 Jul 2005 12:36:28 -0500 (CDT) Message-ID: <42DE8B96.3080409@buckhorn.net> Date: Wed, 20 Jul 2005 12:36:22 -0500 From: Bob Martin User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Buki References: <20050720093234.GX12896@dev.null.cz> In-Reply-To: <20050720093234.GX12896@dev.null.cz> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at spamcontrol Cc: freebsd-isp@freebsd.org, Todor Dragnev Subject: Re: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jul 2005 17:36:35 -0000 Has no effect on these attacks. They only start one at a time. Bob Martin Buki wrote: > On Tue, Jul 19, 2005 at 10:12:52PM +0300, Todor Dragnev wrote: > >>Hello, > > > Hi, > > >>This email may be is not for this mailing list, but with this problem >>more and more ISP have troubles. I want to block ssh dictionary attack >>with freebsd. I found nice solution with iptables for linux: >> >>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK >>FIN,ACK --dport 22 -m recent --name sshattack --set >> >>iptables -A INPUT -p tcp -m state --state ESTABLISHED --tcp-flags RST RST >>--dport 22 -m recent --name sshattack --set >> >>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 >>--hitcount 4 -m limit --limit 4/minute -j LOG --log-prefix 'SSH attack: ' >> >>iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60 >>--hitcount 4 -j DROP >> >>Is it posible to make in this way with ipfw, ipf or pf on freebsd ? > > > what about MaxStartups option in sshd_config? > > >>Regards, >>Todor Dragnev >>-- >>There are no answers, only cross references >>_______________________________________________ >>freebsd-isp@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > Buki From owner-freebsd-isp@FreeBSD.ORG Wed Jul 20 20:03:46 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E9DC416A41F for ; Wed, 20 Jul 2005 20:03:46 +0000 (GMT) (envelope-from cdjones@novusordo.net) Received: from correo.novusordo.net (cdjj.org [216.194.85.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id A62B243D45 for ; Wed, 20 Jul 2005 20:03:46 +0000 (GMT) (envelope-from cdjones@novusordo.net) Received: from [127.0.0.1] (cdjj.org [216.194.85.7]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by correo.novusordo.net (Postfix) with ESMTP id 919AD14352; Wed, 20 Jul 2005 14:03:45 -0600 (MDT) Message-ID: <42DEAE1F.8000702@novusordo.net> Date: Wed, 20 Jul 2005 14:03:43 -0600 From: Chris Jones User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Todor Dragnev References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jul 2005 20:03:47 -0000 Todor Dragnev wrote: >I want to block ssh dictionary attack with freebsd. >[...] >Is it posible to make in this way with ipfw, ipf or pf on freebsd ? > > I'm looking at having a script look at SSH's log output for repeated failed connection attempts from the same address, and then blocking that address through pf (I'm not yet sure whether I want to do it temporarily or permanently). From owner-freebsd-isp@FreeBSD.ORG Thu Jul 21 00:43:51 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 59CBA16A43E for ; Thu, 21 Jul 2005 00:43:51 +0000 (GMT) (envelope-from cbuechler@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.197]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8197D43D53 for ; Thu, 21 Jul 2005 00:43:43 +0000 (GMT) (envelope-from cbuechler@gmail.com) Received: by wproxy.gmail.com with SMTP id 67so20094wri for ; Wed, 20 Jul 2005 17:43:43 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Ls5Fv1ODE//vYxEQvbFRqaNCi0ScUnfxGpJybNFvzS7J4G88vx4i/0TpA73lmNxsJ76y0RGMhmEByHHtPI8IF3r3Tf0O4C7kuuK+CEgsidowDaNIjXqaFUzyyZ9jhseCtiRrcrfqOb5GnSRHvETYJWDkfNUotagamzaO2Mdg1MA= Received: by 10.54.43.63 with SMTP id q63mr316717wrq; Wed, 20 Jul 2005 17:43:08 -0700 (PDT) Received: by 10.54.80.17 with HTTP; Wed, 20 Jul 2005 17:43:08 -0700 (PDT) Message-ID: Date: Wed, 20 Jul 2005 20:43:08 -0400 From: Chris Buechler To: Chris Jones In-Reply-To: <42DEAE1F.8000702@novusordo.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <42DEAE1F.8000702@novusordo.net> Cc: freebsd-isp@freebsd.org, Todor Dragnev Subject: Re: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Chris Buechler List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jul 2005 00:43:51 -0000 On 7/20/05, Chris Jones wrote: >=20 > I'm looking at having a script look at SSH's log output for repeated > failed connection attempts from the same address, and then blocking that > address through pf (I'm not yet sure whether I want to do it temporarily > or permanently). Matt Dillon wrote an app in C to do just that, with ipfw. =20 http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html Scott Ullrich modified it to work with pf. =20 http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c -Chris From owner-freebsd-isp@FreeBSD.ORG Thu Jul 21 00:51:54 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A412A16A427 for ; Thu, 21 Jul 2005 00:51:54 +0000 (GMT) (envelope-from andrew@scoop.co.nz) Received: from a2.scoop.co.nz (aurora.scoop.co.nz [202.50.109.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8C85043D45 for ; Thu, 21 Jul 2005 00:51:50 +0000 (GMT) (envelope-from andrew@scoop.co.nz) Received: from a2.scoop.co.nz (localhost [127.0.0.1]) by a2.scoop.co.nz (8.13.3/8.12.11) with ESMTP id j6L0plQr067504; Thu, 21 Jul 2005 12:51:47 +1200 (NZST) (envelope-from andrew@scoop.co.nz) Received: from localhost (andrew@localhost) by a2.scoop.co.nz (8.13.3/8.13.1/Submit) with ESMTP id j6L0plxi067501; Thu, 21 Jul 2005 12:51:47 +1200 (NZST) (envelope-from andrew@scoop.co.nz) X-Authentication-Warning: a2.scoop.co.nz: andrew owned process doing -bs Date: Thu, 21 Jul 2005 12:51:47 +1200 (NZST) From: Andrew McNaughton To: Chris Buechler In-Reply-To: Message-ID: <20050721124837.M5699@a2.scoop.co.nz> References: <42DEAE1F.8000702@novusordo.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.6 (a2.scoop.co.nz [127.0.0.1]); Thu, 21 Jul 2005 12:51:47 +1200 (NZST) X-Virus-Scanned: ClamAV version 0.86.1, clamav-milter version 0.86 on a2.scoop.co.nz X-Virus-Status: Clean Cc: freebsd-isp@freebsd.org, Chris Jones , Todor Dragnev Subject: Re: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jul 2005 00:51:54 -0000 On Wed, 20 Jul 2005, Chris Buechler wrote: > On 7/20/05, Chris Jones wrote: >> >> I'm looking at having a script look at SSH's log output for repeated >> failed connection attempts from the same address, and then blocking that >> address through pf (I'm not yet sure whether I want to do it temporarily >> or permanently). Make it temporary. Maybe three hours after 3 successive failures. just slowing down connections is enough to make brute force impractical. Andrew ------------------------------------------------------------------- Andrew McNaughton http://www.scoop.co.nz/ andrew@scoop.co.nz Mobile: +61 422 753 792 -- Of all forms of caution, caution in love is the most fatal -- pgp encrypted mail welcome keyid: 70F6C32D keyserver: pgp.mit.edu 5688 2396 AA81 036A EBAC 2DD4 1BEA 7975 A84F 6686 From owner-freebsd-isp@FreeBSD.ORG Thu Jul 21 10:51:51 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93A8116A423 for ; Thu, 21 Jul 2005 10:51:51 +0000 (GMT) (envelope-from todor.dragnev@gmail.com) Received: from mail.sistechnology.com (torro.sistechnology.com [217.79.65.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4A1ED43D82 for ; Thu, 21 Jul 2005 10:51:38 +0000 (GMT) (envelope-from todor.dragnev@gmail.com) Received: from localhost (localhost [127.0.0.1]) by mail.sistechnology.com (Postfix) with ESMTP id 4248D46BE9; Thu, 21 Jul 2005 14:42:45 +0300 (EEST) Received: from mail.sistechnology.com ([217.79.65.130]) by localhost (torro [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28935-08; Thu, 21 Jul 2005 14:42:41 +0300 (EEST) Received: from nova.sistechnology.com (unknown [192.168.7.3]) by mail.sistechnology.com (Postfix) with ESMTP id 145F846BE1; Thu, 21 Jul 2005 14:42:41 +0300 (EEST) From: Todor Dragnev To: Chris Buechler Date: Thu, 21 Jul 2005 13:49:59 +0300 User-Agent: KMail/1.6.2 References: <42DEAE1F.8000702@novusordo.net> In-Reply-To: MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200507211349.59772.todor.dragnev@gmail.com> X-Virus-Scanned: by the vKeeper at sistechnology.com Cc: freebsd-isp@freebsd.org, Chris Jones Subject: Re: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: todor.dragnev@gmail.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jul 2005 10:51:51 -0000 Thank you. On Thursday 21 July 2005 03:43, Chris Buechler wrote: > On 7/20/05, Chris Jones wrote: > > I'm looking at having a script look at SSH's log output for repeated > > failed connection attempts from the same address, and then blocking that > > address through pf (I'm not yet sure whether I want to do it temporarily > > or permanently). > > Matt Dillon wrote an app in C to do just that, with ipfw. > http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html > > Scott Ullrich modified it to work with pf. > http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c > > -Chris From owner-freebsd-isp@FreeBSD.ORG Thu Jul 21 11:15:24 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E4F5516A42A for ; Thu, 21 Jul 2005 11:15:24 +0000 (GMT) (envelope-from michael@staff.openaccess.org) Received: from smtp.openaccess.org (smtp.openaccess.org [66.165.52.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id D319943D6D for ; Thu, 21 Jul 2005 11:15:18 +0000 (GMT) (envelope-from michael@staff.openaccess.org) Received: from [192.168.1.242] (internal.valleyint.com [216.57.214.98]) by smtp.openaccess.org (Postfix) with ESMTP id 8D37C6D4310; Thu, 21 Jul 2005 04:14:19 -0700 (PDT) In-Reply-To: <200507211349.59772.todor.dragnev@gmail.com> References: <42DEAE1F.8000702@novusordo.net> <200507211349.59772.todor.dragnev@gmail.com> Mime-Version: 1.0 (Apple Message framework v622) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <2d7ec17c078ffb523c193d9847113e5d@staff.openaccess.org> Content-Transfer-Encoding: 7bit From: Michael DeMan Date: Thu, 21 Jul 2005 04:15:18 -0700 To: todor.dragnev@gmail.com X-Mailer: Apple Mail (2.622) Cc: freebsd-isp@freebsd.org, Chris Jones , Chris Buechler Subject: Re: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jul 2005 11:15:25 -0000 An easier way to handle this is to simply set up some basic configurations for the subnets you will accept SSH from. With pf its quite easy via the table structures, and with a little creativity and shell scripting, its not that tough to get ipfw or ipfilter to do it either. One more step, just blocking port 22 from 61.0.0.0/8 helps tremendously. We got hammered with this stuff a few weeks ago, and despite my comments above, trying to fully automate dozens of machines is an on-going labor of love for us, and there are many that do not have the self-built firewall rules commented as 'protect myself'. Michael F. DeMan Director of Technology OpenAccess Network Services Bellingham, WA 98225 michael@staff.openaccess.org 360-647-0785 On Jul 21, 2005, at 3:49 AM, Todor Dragnev wrote: > Thank you. > > On Thursday 21 July 2005 03:43, Chris Buechler wrote: >> On 7/20/05, Chris Jones wrote: >>> I'm looking at having a script look at SSH's log output for repeated >>> failed connection attempts from the same address, and then blocking >>> that >>> address through pf (I'm not yet sure whether I want to do it >>> temporarily >>> or permanently). >> >> Matt Dillon wrote an app in C to do just that, with ipfw. >> http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html >> >> Scott Ullrich modified it to work with pf. >> http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c >> >> -Chris > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Fri Jul 22 07:17:32 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 860F916A467 for ; Fri, 22 Jul 2005 07:17:32 +0000 (GMT) (envelope-from butsyk@mail.etsplus.net) Received: from mail.etsplus.net (mail.etsplus.net [193.110.17.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id 54EFC43DC6 for ; Fri, 22 Jul 2005 07:17:18 +0000 (GMT) (envelope-from butsyk@mail.etsplus.net) Received: (qmail 99198 invoked by uid 0); 22 Jul 2005 07:17:17 -0000 Received: from unknown (HELO mail.etsplus.net) (127.0.0.1) by mail.etsplus.net with SMTP; 22 Jul 2005 07:17:17 -0000 Received: from 193.110.17.29 (SquirrelMail authenticated user butsyk@mail.etsplus.net) by mail.etsplus.net with HTTP; Fri, 22 Jul 2005 10:17:17 +0300 (EEST) Message-ID: <58440.193.110.17.29.1122016637.squirrel@mail.etsplus.net> Date: Fri, 22 Jul 2005 10:17:17 +0300 (EEST) From: "Anton Butsyk" To: freebsd-isp@freebsd.org User-Agent: SquirrelMail/1.4.4 MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: irc server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jul 2005 07:17:32 -0000 Hi list. Please I need advice. Which is the best irc server to use for customers? Regards, Anton. From owner-freebsd-isp@FreeBSD.ORG Fri Jul 22 07:23:30 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A244716A420 for ; Fri, 22 Jul 2005 07:23:30 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9948343D98 for ; Fri, 22 Jul 2005 07:23:18 +0000 (GMT) (envelope-from lists@yazzy.org) Received: from 217-13-2-82.dd.nextgentel.com ([217.13.2.82] helo=h311r4z3r) by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256) (YazzY.org) id 1Dvrs4-0005jm-K3; Fri, 22 Jul 2005 09:23:02 +0200 Date: Fri, 22 Jul 2005 09:23:13 +0200 From: Marcin Jessa To: "Anton Butsyk" Message-Id: <20050722092313.45702478.lists@yazzy.org> In-Reply-To: <58440.193.110.17.29.1122016637.squirrel@mail.etsplus.net> References: <58440.193.110.17.29.1122016637.squirrel@mail.etsplus.net> Organization: YazzY.org X-Mailer: Sylpheed version 2.0.0beta6 (GTK+ 2.6.8; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: -2.5 (--) Cc: freebsd-isp@freebsd.org Subject: Re: irc server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jul 2005 07:23:30 -0000 Howdy. We use ratbox at our internal network. It's both easy to setup (easier to deal with than dancer) and supports irc services like ChanServ. Cheers, Marcin Jessa On Fri, 22 Jul 2005 10:17:17 +0300 (EEST) "Anton Butsyk" wrote: > Hi list. > > Please I need advice. > Which is the best irc server to use for customers? > > Regards, > > Anton. > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Fri Jul 22 09:40:36 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7264A16A422 for ; Fri, 22 Jul 2005 09:40:36 +0000 (GMT) (envelope-from ml@gavage.com) Received: from outmx026.isp.belgacom.be (outmx026.isp.belgacom.be [195.238.2.91]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E17243D49 for ; Fri, 22 Jul 2005 09:40:32 +0000 (GMT) (envelope-from ml@gavage.com) Received: from outmx026.isp.belgacom.be (localhost [127.0.0.1]) by outmx026.isp.belgacom.be (8.12.11/8.12.11/Skynet-OUT-2.22) with ESMTP id j6M9eR5k006632 for ; Fri, 22 Jul 2005 11:40:27 +0200 (envelope-from ) Received: from [127.0.0.1] (33.130-201-80.adsl.skynet.be [80.201.130.33]) by outmx026.isp.belgacom.be (8.12.11/8.12.11/Skynet-OUT-2.22) with ESMTP id j6M9eLo3006584; Fri, 22 Jul 2005 11:40:21 +0200 (envelope-from ) Message-ID: <42E0BF05.4040309@gavage.com> Date: Fri, 22 Jul 2005 11:40:21 +0200 From: Cedric Gavage User-Agent: Mozilla Thunderbird 1.0.5 (Windows/20050711) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Marcin Jessa References: <58440.193.110.17.29.1122016637.squirrel@mail.etsplus.net> <20050722092313.45702478.lists@yazzy.org> In-Reply-To: <20050722092313.45702478.lists@yazzy.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org, Anton Butsyk Subject: Re: irc server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jul 2005 09:40:36 -0000 Marcin Jessa wrote: > Howdy. > > We use ratbox at our internal network. > It's both easy to setup (easier to deal with than dancer) and supports irc services like ChanServ. > There is also UnrealIRCD which supports irc services (chanserv, nickserv, ...) with Anope product. http://www.unrealircd.com/ http://www.anope.org/ -- Cedric Gavage - cedric@gavage.com - OpenPGP: 0xED325C64 http://unixtech.be - http://gavage.com From owner-freebsd-isp@FreeBSD.ORG Fri Jul 22 10:11:43 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AE0C516A41F for ; Fri, 22 Jul 2005 10:11:43 +0000 (GMT) (envelope-from vladgalu@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6292643D78 for ; Fri, 22 Jul 2005 10:11:26 +0000 (GMT) (envelope-from vladgalu@gmail.com) Received: by zproxy.gmail.com with SMTP id v1so154003nzb for ; Fri, 22 Jul 2005 03:11:25 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lIw2E20kr/6G+9iZGaKVbhTlqnjX/13vA1AbLnJj1Vy2pdILalvpZLXmduVIt/CRmJAXUEhpnJ022/bh+shXNMondksMeSWBIm7R1pnl8xKo9QUYNJZXqQCpVWQaOOMfR0eWv0r2cFjdEzpp0ttAV2P+AOS9PBXxWEMj1WBtzV0= Received: by 10.36.221.19 with SMTP id t19mr1294549nzg; Fri, 22 Jul 2005 03:11:25 -0700 (PDT) Received: by 10.36.86.4 with HTTP; Fri, 22 Jul 2005 03:11:15 -0700 (PDT) Message-ID: <79722fad05072203113735961f@mail.gmail.com> Date: Fri, 22 Jul 2005 13:11:15 +0300 From: Vlad GALU To: freebsd-isp@freebsd.org In-Reply-To: <42E0BF05.4040309@gavage.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <58440.193.110.17.29.1122016637.squirrel@mail.etsplus.net> <20050722092313.45702478.lists@yazzy.org> <42E0BF05.4040309@gavage.com> Subject: Re: irc server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Vlad GALU List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jul 2005 10:11:43 -0000 On 7/22/05, Cedric Gavage wrote: > Marcin Jessa wrote: > > Howdy. > > > > We use ratbox at our internal network. > > It's both easy to setup (easier to deal with than dancer) and supports = irc services like ChanServ. > > >=20 > There is also UnrealIRCD which supports irc services (chanserv, > nickserv, ...) with Anope product. >=20 > http://www.unrealircd.com/ > http://www.anope.org/ >=20 You may want to check which of the I/O multiplexed event handling engines each ircd supports. Most certainly you would want one that is aware of kqueue, if run on FreeBSD. I can tell you from my personal experience that the ircd they use on Undernet is very well written in these respects. I've seen it handle 8k clients without any problems, on a single proc Pentium III at 500MHz. However, the management services are somewhat unusual, compared to the ones for the other IRC servers. > -- > Cedric Gavage - cedric@gavage.com - OpenPGP: 0xED325C64 > http://unixtech.be - http://gavage.com >=20 > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >=20 --=20 If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it. From owner-freebsd-isp@FreeBSD.ORG Sat Jul 23 06:39:57 2005 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC80416A420 for ; Sat, 23 Jul 2005 06:39:57 +0000 (GMT) (envelope-from butsyk@mail.etsplus.net) Received: from mail.etsplus.net (mail.etsplus.net [193.110.17.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC36B43D48 for ; Sat, 23 Jul 2005 06:39:55 +0000 (GMT) (envelope-from butsyk@mail.etsplus.net) Received: (qmail 48682 invoked by uid 0); 23 Jul 2005 06:39:53 -0000 Received: from unknown (HELO ?10.0.25.118?) (10.0.25.118) by mail.etsplus.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 23 Jul 2005 06:39:53 -0000 Message-ID: <42E1E656.2050903@mail.etsplus.net> Date: Sat, 23 Jul 2005 09:40:22 +0300 From: Anton Butsyk User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <42DEAE1F.8000702@novusordo.net> <200507211349.59772.todor.dragnev@gmail.com> <2d7ec17c078ffb523c193d9847113e5d@staff.openaccess.org> In-Reply-To: <2d7ec17c078ffb523c193d9847113e5d@staff.openaccess.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: ssh brute force X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Jul 2005 06:39:57 -0000 Hi list. I escape from ssh brute force with pf. Just for sample: pass in quick on $ext_if proto tcp from \ any to $ext_if port 22 flags S/SA keep state \ (max 200, source-track rule, max-src-nodes 100, \ max-src-states 3, tcp.first 10, tcp.closing 10) With pf you can control packets on the interfaces, i love this tool. Regards, Anton. > An easier way to handle this is to simply set up some basic > configurations for the subnets you will accept SSH from. With pf its > quite easy via the table structures, and with a little creativity and > shell scripting, its not that tough to get ipfw or ipfilter to do it > either. > > One more step, just blocking port 22 from 61.0.0.0/8 helps > tremendously. We got hammered with this stuff a few weeks ago, and > despite my comments above, trying to fully automate dozens of machines > is an on-going labor of love for us, and there are many that do not > have the self-built firewall rules commented as 'protect myself'. > > > Michael F. DeMan > Director of Technology > OpenAccess Network Services > Bellingham, WA 98225 > michael@staff.openaccess.org > 360-647-0785 > On Jul 21, 2005, at 3:49 AM, Todor Dragnev wrote: > >> Thank you. >> >> On Thursday 21 July 2005 03:43, Chris Buechler wrote: >> >>> On 7/20/05, Chris Jones wrote: >>> >>>> I'm looking at having a script look at SSH's log output for repeated >>>> failed connection attempts from the same address, and then blocking >>>> that >>>> address through pf (I'm not yet sure whether I want to do it >>>> temporarily >>>> or permanently). >>> >>> >>> Matt Dillon wrote an app in C to do just that, with ipfw. >>> http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html >>> >>> Scott Ullrich modified it to work with pf. >>> http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c >>> >>> -Chris >> >> _______________________________________________ >> freebsd-isp@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-isp >> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >> > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"