Date: Fri, 18 Jun 2010 14:31:10 +0200
From: Balázs Mátéffy <repcsike@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: system is under attack (what can I do more?)
Message-ID: <AANLkTikStEuOGpE3-b70vnpvh907BeAOhscEM95ysrUN@mail.gmail.com>
In-Reply-To: <367428.93212.qm@web51108.mail.re2.yahoo.com>
References: <367428.93212.qm@web51108.mail.re2.yahoo.com>

Hello,

1. Maybe the line with the rule is in a bad place in the conf, but even if it's working it's possible that it won't be triggered. As far as I can see there are 30 sec interval pauses between attacks from one host. Your rule is looking for connections in 30 sec ranges.

2. You should use a program that monitors the logs, and then passes the IPs after 3 unsuccessful logins to the bruteforce table. See bruteforceblocker, but there are a bunch of other programs for this.

Regards,
MB.
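The two points in the reply above, as an added example that is not part of the original message and is not bruteforceblocker's code: a log-based counter flags a host whose attempts are spaced 30 seconds apart, while a modelled connection-rate check over a 30 second window does not. The log lines are constructed, the 3-per-30-seconds rate limit and the function names are assumptions, and the `pfctl` commands are only built as strings, not executed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not from the original thread).
SAMPLE_LOG = """\
Jun 18 14:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 18 14:00:09 host sshd[1202]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Jun 18 14:00:31 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40388 ssh2
Jun 18 14:00:40 host sshd[1204]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Jun 18 14:01:02 host sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 40671 ssh2
"""

FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from ([\d.]+) port")

def failures_by_ip(log_text, year=2010):
    """Map source IP -> sorted list of failed-login timestamps."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)].append(ts)
    return {ip: sorted(ts) for ip, ts in seen.items()}

def rate_rule_trips(times, limit=3, window=30):
    """True if more than `limit` events fall within any `window`-second span
    (assumed numbers; models a connection-rate rule, not pf itself)."""
    for i, start in enumerate(times):
        in_window = [t for t in times[i:] if (t - start).total_seconds() <= window]
        if len(in_window) > limit:
            return True
    return False

def ips_to_block(log_text, max_failures=3):
    """IPs with at least `max_failures` failed logins, however far apart."""
    return sorted(ip for ip, ts in failures_by_ip(log_text).items()
                  if len(ts) >= max_failures)

def pfctl_commands(ips, table="bruteforce"):
    """Commands a log monitor would run; printed here, not executed."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]

if __name__ == "__main__":
    for cmd in pfctl_commands(ips_to_block(SAMPLE_LOG)):
        print(cmd)
```

A real monitor would also expire old failures and skip whitelisted addresses before adding anything to the table.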