From: Chris Maness
Date: Sat, 18 Mar 2006 16:00:43 -0800
To: Kris Anderson
Cc: freebsd-questions@freebsd.org
Subject: Re: How to Stop Bruit Force ssh Attempts?
Message-ID: <441C9F2B.6010708@chrismaness.com>
In-Reply-To: <20060318223748.20675.qmail@web52703.mail.yahoo.com>

Kris Anderson wrote:
> --- Chris Maness wrote:
>
>> In my auth log I see a lot of brute force attempts to login via ssh. Is
>> there a way I can have the box automatically kill any tcp/ip
>> connectivity to hosts that try and fail a given number of times? Is
>> there a port or something that I can install to give this kind of
>> protection? I'm still kind of a FreeBSD newbie.
>>
>> Thanks,
>> Chris Maness
>
> Hey there,
> A couple of things you could try. I believe there is a
> port that watches log files, utilizing that you could
> create a script to add the IP to your firewall rules
> then after a time remove it.
>
> The other way is to use snort_inline and see how that
> works.
>
> Hope that helps.

I'm using denyhost per someone on the list's recommendation. It works very well.
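
The approach suggested in the quoted reply (watch the auth log, add an offending address to the firewall rules, remove it after a time) looks like this in Python. This is an added example, not part of the original message and not DenyHosts code; it assumes pf as the firewall, a hypothetical table name ssh_blocklist, IPv4 addresses only, and constructed log lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in auth.log style (not real data; RFC 5737 example addresses).
SAMPLE_LOG = """\
Mar 18 15:58:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4021 ssh2
Mar 18 15:58:03 host sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
Mar 18 15:58:04 host sshd[815]: Accepted publickey for chris from 198.51.100.20 port 5000 ssh2
Mar 18 15:58:06 host sshd[811]: Failed password for root from 203.0.113.7 port 4023 ssh2
Mar 18 15:59:10 host sshd[820]: Failed password for chris from 198.51.100.20 port 5001 ssh2
Mar 18 16:20:00 host sshd[830]: Failed password for root from 192.0.2.9 port 6000 ssh2
"""

# The user name is client-supplied text, so the address is read from the fixed
# tail of the line (anchored with $), never from the first "from" that appears.
FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$")

def plan_blocks(log_text, threshold=3, window=timedelta(minutes=5),
                ban=timedelta(minutes=15), year=2006, table="ssh_blocklist"):
    """Return (time, pfctl command) pairs: add at threshold, delete when the ban ends.

    `table` is a hypothetical pf table name; syslog lines carry no year, so
    `year` is supplied by the caller. IPv4 only.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned = {}                  # ip -> time the ban expires
    actions = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        # Lift bans that ran out before this event.
        for old_ip, expiry in sorted(banned.items(), key=lambda kv: kv[1]):
            if expiry <= ts:
                actions.append((expiry, f"pfctl -t {table} -T delete {old_ip}"))
                del banned[old_ip]
        if ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            banned[ip] = ts + ban
            actions.append((ts, f"pfctl -t {table} -T add {ip}"))
            q.clear()
    return actions
```

The function only plans the commands from a log that has already been written; a long-running watcher would lift bans on a timer rather than waiting for the next failed login to arrive.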