From: "Edwin D. Vinas"
To: freebsd-questions@freebsd.org
Date: Wed, 6 Apr 2005 07:15:28 +0000
Subject: too many illegal connection attempts through ssh

hello,

shown below is a snapshot of too many illegal attempts to log in to my server from a suspicious hacker. this is taken from the "/var/log/auth.log". my question is, how do i automatically block an IP address if it is attempting to guess my login usernames?

can i configure the firewall to check the instances a certain IP has attempted to access/ssh the server, and if it has failed to log in for about "x" number of attempts, it will be blocked automatically?

thank you in advance!

-edwin

----------------
Mar 26 05:00:00 pawikan newsyslog[11879]: logfile turned over due to size>100K
Mar 26 22:49:29 pawikan sshd[66637]: Illegal user test from 211.176.33.46
Mar 26 22:49:32 pawikan sshd[66639]: Illegal user guest from 211.176.33.46
Mar 26 22:49:35 pawikan sshd[66641]: Illegal user admin from 211.176.33.46
Mar 26 22:49:37 pawikan sshd[66643]: Illegal user admin from 211.176.33.46
Mar 26 22:49:40 pawikan sshd[66645]: Illegal user user from 211.176.33.46
Mar 26 22:49:50 pawikan sshd[66654]: Illegal user test from 211.176.33.46
Mar 27 02:50:12 pawikan sshd[69369]: Illegal user test from 210.0.141.89
Mar 27 02:50:14 pawikan sshd[69463]: Illegal user guest from 210.0.141.89
Mar 27 02:50:15 pawikan sshd[69650]: Illegal user admin from 210.0.141.89
Mar 27 02:50:17 pawikan sshd[69745]: Illegal user admin from 210.0.141.89
Mar 27 02:50:18 pawikan sshd[69858]: Illegal user user from 210.0.141.89
Mar 27 02:50:24 pawikan sshd[70319]: Illegal user test from 210.0.141.89
Mar 27 04:10:58 pawikan sshd[5171]: Illegal user test from 218.188.9.202
Mar 27 04:10:59 pawikan sshd[5173]: Illegal user guest from 218.188.9.202
Mar 27 04:11:00 pawikan sshd[5175]: Illegal user admin from 218.188.9.202
Mar 27 04:11:01 pawikan sshd[5190]: Illegal user admin from 218.188.9.202
Mar 27 04:11:02 pawikan sshd[5192]: Illegal user user from 218.188.9.202
Mar 27 04:11:07 pawikan sshd[5200]: Illegal user test from 218.188.9.202
Mar 27 12:13:21 pawikan sshd[9236]: Did not receive identification string from 61.59.143.27
Mar 27 12:23:03 pawikan sshd[13482]: Illegal user jordan from 61.59.143.27
Mar 27 12:23:07 pawikan sshd[13484]: Illegal user michael from 61.59.143.27
Mar 27 12:23:11 pawikan sshd[13486]: Illegal user nicole from 61.59.143.27
Mar 27 12:23:14 pawikan sshd[13488]: Illegal user daniel from 61.59.143.27
Mar 27 12:23:18 pawikan sshd[13490]: Illegal user andrew from 61.59.143.27
Mar 27 12:23:21 pawikan sshd[13492]: Illegal user nathan from 61.59.143.27
Mar 27 12:23:25 pawikan sshd[13494]: Illegal user matthew from 61.59.143.27
Mar 27 12:23:29 pawikan sshd[13496]: Illegal user magic from 61.59.143.27
Mar 27 12:23:33 pawikan sshd[13498]: Illegal user lion from 61.59.143.27
Mar 27 12:23:37 pawikan sshd[13500]: Illegal user david from 61.59.143.27
Mar 27 12:23:41 pawikan sshd[13502]: Illegal user jason from 61.59.143.27
Mar 27 12:23:45 pawikan sshd[13504]: Illegal user ben from 61.59.143.27
Mar 27 12:23:49 pawikan sshd[13506]: Illegal user carmen from 61.59.143.27
Mar 27 12:23:53 pawikan sshd[13510]: Illegal user justin from 61.59.143.27
Mar 27 12:23:57 pawikan sshd[13512]: Illegal user charlie from 61.59.143.27
Mar 27 12:24:02 pawikan sshd[13514]: Illegal user steven from 61.59.143.27
Mar 27 12:24:06 pawikan sshd[13517]: Illegal user brandon from 61.59.143.27
Mar 27 12:24:09 pawikan sshd[13519]: Illegal user brian from 61.59.143.27
Mar 27 12:24:13 pawikan sshd[13521]: Illegal user stephen from 61.59.143.27
Mar 27 12:24:17 pawikan sshd[13523]: Illegal user william from 61.59.143.27
Mar 27 12:24:21 pawikan sshd[13525]: Illegal user angel from 61.59.143.27
Mar 27 12:24:27 pawikan sshd[13527]: Illegal user emily from 61.59.143.27
Mar 27 12:24:31 pawikan sshd[13529]: Illegal user eric from 61.59.143.27
Mar 27 12:24:36 pawikan sshd[13531]: Illegal user joe from 61.59.143.27
Mar 27 12:24:39 pawikan sshd[13533]: Illegal user tom from 61.59.143.27
Mar 27 12:24:43 pawikan sshd[13535]: Illegal user billy from 61.59.143.27
Mar 27 12:24:47 pawikan sshd[13537]: Illegal user buddy from 61.59.143.27
Mar 27 12:24:50 pawikan sshd[13540]: Illegal user jeremy from 61.59.143.27
Mar 27 12:24:54 pawikan sshd[13542]: Illegal user vampire from 61.59.143.27
Mar 27 12:24:57 pawikan sshd[13544]: Illegal user betty from 61.59.143.27
Mar 27 12:25:00 pawikan sshd[13546]: Illegal user henry from 61.59.143.27
Mar 27 12:25:04 pawikan sshd[13749]: Illegal user max from 61.59.143.27
Mar 27 12:25:07 pawikan sshd[14024]: Illegal user nicholas from 61.59.143.27
Mar 27 12:25:11 pawikan sshd[14336]: Illegal user robin from 61.59.143.27
Mar 27 12:25:15 pawikan sshd[14644]: Illegal user system from 61.59.143.27
Mar 27 12:25:18 pawikan sshd[14904]: Illegal user johnny from 61.59.143.27
Mar 27 12:25:22 pawikan sshd[15221]: Illegal user lucy from 61.59.143.27
Mar 27 12:25:26 pawikan sshd[15521]: Illegal user market from 61.59.143.27
Mar 27 12:25:32 pawikan sshd[15673]: Illegal user lp from 61.59.143.27
Mar 27 12:25:37 pawikan sshd[15675]: Illegal user maria from 61.59.143.27
Mar 27 12:25:42 pawikan sshd[15677]: Illegal user rose from 61.59.143.27
Mar 27 12:25:47 pawikan sshd[15679]: Illegal user mail from 61.59.143.27
Mar 27 12:25:52 pawikan sshd[15681]: Illegal user god from 61.59.143.27
Mar 27 12:25:56 pawikan sshd[15683]: Illegal user barbara from 61.59.143.27
Mar 27 12:26:05 pawikan sshd[15688]: Illegal user larisa from 61.59.143.27
Mar 27 12:26:10 pawikan sshd[15690]: Illegal user shell from 61.59.143.27
Mar 27 12:26:15 pawikan sshd[15692]: Illegal user jane from 61.59.143.27
Mar 27 12:26:19 pawikan sshd[15694]: Illegal user dog from 61.59.143.27
Mar 27 12:26:23 pawikan sshd[15696]: Illegal user blue from 61.59.143.27

-- 
--
Edwin D. Viñas
http://www.geocities.com/edwin_vinas/
IN THE WORLD OF SCIENCE, NOTHING IS IMPOSSIBLE.
--
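
The "x failed attempts, then block" counting asked about above, as an added example that is not part of the original post: it reads auth.log lines in the format shown and returns the source addresses that cross a threshold inside a sliding time window. The function name, the `threshold`, `window`, `year` and `allow` parameters and the sample lines are assumptions made for this illustration; the source address is taken from the end of the line because the username field is chosen by the remote side.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the auth.log format from the post; the host name and
# addresses (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_LOG = """\
Mar 27 12:13:21 host sshd[9236]: Did not receive identification string from 192.0.2.10
Mar 27 12:23:03 host sshd[13482]: Illegal user jordan from 192.0.2.10
Mar 27 12:23:07 host sshd[13484]: Illegal user michael from 192.0.2.10
Mar 27 12:23:11 host sshd[13486]: Illegal user nicole from 192.0.2.10
Mar 27 12:23:14 host sshd[13488]: Illegal user daniel from 192.0.2.10
Mar 27 12:23:18 host sshd[13490]: Illegal user andrew from 192.0.2.10
Mar 27 13:00:00 host sshd[14001]: Illegal user test from 198.51.100.7
Mar 27 15:00:00 host sshd[14002]: Illegal user guest from 198.51.100.7
Mar 27 17:00:00 host sshd[14003]: Illegal user admin from 198.51.100.7
Mar 27 19:00:00 host sshd[14004]: Illegal user x from 203.0.113.99 from 198.51.100.7
Mar 27 21:00:00 host sshd[14005]: Illegal user user from 198.51.100.7
"""

# Greedy ".*" plus the "$" anchor picks the LAST "from <ip>", so a username
# such as "x from 203.0.113.99" cannot get someone else's address blocked.
# Newer OpenSSH logs "Invalid user" and appends " port N"; both are accepted.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?: port \d+)?\s*$"
)

def offenders(lines, threshold=5, window=timedelta(minutes=2),
              year=2005, allow=frozenset()):
    """Return {ip: time the threshold was crossed} for every source with
    `threshold` unknown-user failures inside one sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in allow or m["ip"] in flagged:
            continue              # not a failure line, allow-listed, or done
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = when
    return flagged
```

The returned addresses are what a periodic job would load into the firewall's block list; the `allow` set is there so an administrator's own address is never added.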