Date: Mon, 25 Jul 2005 01:04:51 +0200 From: Daniel Gerzo <danger@rulez.sk> To: Chris Buechler <cbuechler@gmail.com> Cc: freebsd-isp@freebsd.org, Chris Jones <cdjones@novusordo.net>, Todor Dragnev <todor.dragnev@gmail.com> Subject: Re[2]: ssh brute force Message-ID: <77588585.20050725010451@rulez.sk> In-Reply-To: <d64aa176050720174322ebc621@mail.gmail.com> References: <f72a639a050719121244719e22@mail.gmail.com> <42DEAE1F.8000702@novusordo.net> <d64aa176050720174322ebc621@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Chris, Thursday, July 21, 2005, 2:43:08 AM, si tukal: > On 7/20/05, Chris Jones <cdjones@novusordo.net> wrote: >> >> I'm looking at having a script look at SSH's log output for repeated >> failed connection attempts from the same address, and then blocking that >> address through pf (I'm not yet sure whether I want to do it temporarily >> or permanently). > Matt Dillon wrote an app in C to do just that, with ipfw. > http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html > Scott Ullrich modified it to work with pf. > http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c I have made security/bruteforceblocker It's a perl script that works with opensshd's logs and pf > -Chris -- sincerely... DanGer, ICQ: 261701668 | e-mail protecting at: http://www.2pu.net/ http://danger.rulez.sk | proxy list at: http://www.proxy-web.com/ | FreeBSD - The Power to Serve!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?77588585.20050725010451>