From: Vadkan Jozsef
To: FreeBSD Mailing list
Date: Sat, 20 Mar 2010 23:17:24 +0100
Subject: bruteforce protection howto

Two PCs:
1 - router
2 - logger

Situation: someone tries to bruteforce into a server, and the logger gets a log about it [e.g.: ssh login failed].

What's the best method to ban that IP [that is bruteforcing a server] that was logged on the logger? I need to ban the IP on the router PC.

How can I send the bad IP to the router, to ban it? Just run a cronjob, and e.g.: scp the list of IPs from the logger to the router, then ban the IP from the list on the router PC?

Or is there any "official" method for this?

I'm just asking for docs/howtos.. :\ to get started..

Thank you!
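
The logger-side half of the cron job the message sketches, as an added example that is not part of the original post: it turns failed SSH logins into a validated list of addresses that can then be copied to the router. It assumes OpenSSH-style "Failed password" syslog lines and IPv4 only; THRESHOLD, ALLOW and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: OpenSSH-style
# "Failed password" syslog lines, IPv4 only; THRESHOLD and ALLOW are
# hypothetical settings introduced here.
THRESHOLD=${THRESHOLD:-3}   # failures before an address is listed
ALLOW=${ALLOW:-}            # space-separated addresses never to list

# stdin: syslog lines; stdout: sorted offending IPv4 addresses, one per line.
extract_bad_ips() {
    awk -v min="$THRESHOLD" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /sshd\[[0-9]+\]: Failed password for / {
            # Take the address from the fixed tail "from IP port N ssh2".
            # The username is remote-controlled text, so never trust the
            # first "from" that appears in the line.
            if (NF < 5 || $(NF-4) != "from" || $(NF-2) != "port") next
            ip = $(NF-3)
            # Only a strict dotted quad may reach the firewall list.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            for (j = 1; j <= 4; j++) if (o[j] + 0 > 255) next
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# Constructed sample input (documentation address ranges). The three
# "user a from 192.0.2.1 ..." lines carry a forged address in the username.
sample_log() {
    cat <<'EOF'
Mar 20 22:01:10 srv sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 20 22:01:12 srv sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
Mar 20 22:01:15 srv sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar 20 22:02:01 srv sshd[820]: Failed password for invalid user a from 192.0.2.1 port 1 ssh2 from 198.51.100.23 port 51000 ssh2
Mar 20 22:02:03 srv sshd[820]: Failed password for invalid user a from 192.0.2.1 port 1 ssh2 from 198.51.100.23 port 51001 ssh2
Mar 20 22:02:05 srv sshd[821]: Failed password for invalid user a from 192.0.2.1 port 1 ssh2 from 198.51.100.23 port 51002 ssh2
Mar 20 22:03:00 srv sshd[830]: Failed password for bob from 192.0.2.50 port 50222 ssh2
Mar 20 22:04:00 srv sshd[840]: Accepted password for bob from 192.0.2.50 port 50223 ssh2
EOF
}

sample_log | extract_bad_ips
```

Run from cron on the logger, the output file can be copied with scp as the message proposes. On a router running pf (an assumption, the post names no firewall) it can be loaded into a table with `pfctl -t <table> -T replace -f <file>`.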