Date: Mon, 25 Jul 2005 01:04:51 +0200
From: Daniel Gerzo
To: Chris Buechler
Cc: freebsd-isp@freebsd.org, Chris Jones, Todor Dragnev
Subject: Re[2]: ssh brute force
Message-ID: <77588585.20050725010451@rulez.sk>
References: <42DEAE1F.8000702@novusordo.net>

Hello Chris,

Thursday, July 21, 2005, 2:43:08 AM, you wrote:

> On 7/20/05, Chris Jones wrote:
>>
>> I'm looking at having a script look at SSH's log output for repeated
>> failed connection attempts from the same address, and then blocking that
>> address through pf (I'm not yet sure whether I want to do it temporarily
>> or permanently).

> Matt Dillon wrote an app in C to do just that, with ipfw.
> http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html

> Scott Ullrich modified it to work with pf.
> http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c

I have made security/bruteforceblocker.
It's a Perl script that works with opensshd's logs and pf.

> -Chris

-- 
sincerely...
DanGer, ICQ: 261701668 | e-mail protecting at: http://www.2pu.net/
http://danger.rulez.sk | proxy list at: http://www.proxy-web.com/
                       | FreeBSD - The Power to Serve!
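
The approach discussed in this thread (count failed SSH logins per source address in sshd's log, then add repeat offenders to a pf table), sketched in Python as an added example; it is not code from bruteforceblocker or sshlockout_pf.c. The log lines, the table name `bruteforce`, the threshold, the window and the whitelist are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is remote-supplied text and may contain spaces or the word
# "from", so the pattern is anchored on the END of the line and only the
# trailing address is trusted.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\S+) port \d+(?: ssh2)?$")

def find_offenders(lines, threshold=3, window=timedelta(minutes=5),
                   whitelist=("192.0.2.10",), year=2005):
    """Addresses with >= threshold failed logins inside one sliding window."""
    recent, offenders = defaultdict(deque), []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # not a literal address: never hand it to pfctl
        if ip in whitelist or ip in offenders:
            continue
        # syslog timestamps carry no year; `year` is supplied by the caller
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold:
            offenders.append(ip)
    return offenders

def pfctl_commands(offenders, table="bruteforce"):
    """argv lists (no shell involved) that add each address to a pf table."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in offenders]

# Constructed sample log using documentation addresses, not real traffic.
SAMPLE_LOG = """\
Jul 24 23:01:02 gw sshd[811]: Failed password for root from 203.0.113.5 port 4022 ssh2
Jul 24 23:01:05 gw sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 4023 ssh2
Jul 24 23:01:09 gw sshd[813]: Failed password for invalid user x from 198.51.100.1 port 1 ssh2 from 203.0.113.5 port 4024 ssh2
Jul 24 23:03:00 gw sshd[830]: Failed password for carol from 198.51.100.7 port 6000 ssh2
Jul 24 23:20:00 gw sshd[831]: Failed password for carol from 198.51.100.7 port 6001 ssh2
Jul 24 23:40:00 gw sshd[832]: Failed password for carol from 198.51.100.7 port 6002 ssh2
""".splitlines()
```

The pf ruleset needs a rule that references the table (for example `table <bruteforce> persist` with `block in quick from <bruteforce>`) for the additions to block anything. The whitelist keeps a mistyped password from locking out a management address.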