From owner-freebsd-questions@FreeBSD.ORG Fri Jun 18 15:32:48 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A0FE7106564A for ; Fri, 18 Jun 2010 15:32:48 +0000 (UTC) (envelope-from SamanKaya@netscape.net) Received: from imr-mb02.mx.aol.com (imr-mb02.mx.aol.com [64.12.207.163]) by mx1.freebsd.org (Postfix) with ESMTP id 649288FC16 for ; Fri, 18 Jun 2010 15:32:48 +0000 (UTC) Received: from mtaout-db05.r1000.mx.aol.com (mtaout-db05.r1000.mx.aol.com [172.29.51.197]) by imr-mb02.mx.aol.com (8.14.1/8.14.1) with ESMTP id o5IFWV76025707; Fri, 18 Jun 2010 11:32:31 -0400 Received: from [192.168.0.53] (unknown [85.105.64.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mtaout-db05.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 399EEE0007CF; Fri, 18 Jun 2010 11:32:31 -0400 (EDT) Message-ID: <4C1B90CE.4020509@netscape.net> Date: Fri, 18 Jun 2010 18:29:18 +0300 From: Kaya Saman User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4 MIME-Version: 1.0 To: Jerry Bell References: <367428.93212.qm@web51108.mail.re2.yahoo.com> <4C1B67B2.8000309@nrdx.com> In-Reply-To: <4C1B67B2.8000309@nrdx.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit x-aol-global-disposition: G X-AOL-SCOLL-SCORE: 0:2:390542656:93952408 X-AOL-SCOLL-URL_COUNT: 0 x-aol-sid: 3039ac1d33c54c1b918f765d X-AOL-IP: 85.105.64.2 Cc: freebsd-questions@freebsd.org Subject: Re: system is under attack (what can I do more?) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jun 2010 15:32:48 -0000 [...] > Look at ports/security/sshguard and ports/security/bruteblock. > > I use sshguard with ipfilter, but it works with pf and ipfw as well. > It is very simple to set up and gets the job done. > > Jerry > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" Hi just wanted to say thanks for stating this as I'm also looking for a BSD version of fail2ban which I couldn't find in the FreeBSD ports collection...... A real problem with this kind of attack is that even though brute force in nature it can also work like a DoS if the server is having to handle X amount of break-ins per second and also if multiple people are trying to hack the system at the same time, it can steal bandwidth too as let's face it not everyone has high powered enterprise grade MetroEthernet or OC12+ Trunks WAN connectivity. A lot of people are still on ADSL or even Dial-Up. Regards, Kaya