From owner-freebsd-stable@FreeBSD.ORG Tue Dec 29 08:37:58 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AD083106566B for ; Tue, 29 Dec 2009 08:37:58 +0000 (UTC) (envelope-from jespasac@minibofh.org) Received: from smtp02.cdmon.com (smtp02.cdmon.com [212.36.74.229]) by mx1.freebsd.org (Postfix) with ESMTP id 6AB218FC19 for ; Tue, 29 Dec 2009 08:37:58 +0000 (UTC) Received: from jespasac.cdmon.com (62.Red-217-126-43.staticIP.rima-tde.net [217.126.43.62]) (Authenticated sender: jespasac@noverificar) by smtp02.cdmon.com (Postfix) with ESMTP id 776FC45E2C for ; Tue, 29 Dec 2009 09:37:56 +0100 (CET) Message-ID: <4B39BFE3.7010500@minibofh.org> Date: Tue, 29 Dec 2009 09:37:55 +0100 From: Jordi Espasa Clofent User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Thunderbird/3.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: <4B20B509.4050501@yahoo.it> <600C0C33850FFE49B76BDD81AED4D25801371D8056@IMCMBX3.MITRE.ORG> <600C0C33850FFE49B76BDD81AED4D25801371D8737@IMCMBX3.MITRE.ORG> <8bdcbc5f08e9b762c3d2dcfe2fd00558.HRCIM@webmail.1command.com> In-Reply-To: <8bdcbc5f08e9b762c3d2dcfe2fd00558.HRCIM@webmail.1command.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Hacked - FreeBSD 7.1-Release X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Dec 2009 08:37:58 -0000 # pfctl -sr | grep ssh_brutes block drop quick from to any pass quick on em1 inet proto tcp from any to xxx.xxx.xxx.0/23 port = ssh flags S/SA keep state (source-track rule, max-src-conn 20, max-src-conn-rate 3/12, overload flush global, src.track 12) pass quick on em0 inet proto tcp from any to xxx.xxx.xxx.0/23 port = ssh flags S/SA keep state (source-track rule, max-src-conn 20, max-src-conn-rate 3/12, overload flush global, src.track 12) # pfctl -t ssh_brutes -T show 24.69.83.139 24.106.149.2 59.108.230.130 59.124.109.227 60.6.237.54 60.212.42.11 61.47.34.67 78.40.82.74 79.136.123.7 79.188.234.58 85.12.25.157 85.38.97.122 85.114.135.208 94.198.49.185 110.12.64.141 114.255.100.163 116.28.64.181 121.254.228.61 123.15.41.98 123.124.236.195 158.49.245.201 173.10.126.225 189.108.172.26 190.9.128.231 193.203.70.180 195.219.57.189 202.103.25.246 203.76.99.62 203.94.231.11 208.87.3.42 210.119.104.170 211.92.149.147 211.144.32.185 212.18.195.102 216.36.150.58 218.97.254.206 218.206.233.43 221.202.118.39 222.221.2.210 # uname -a OpenBSD tereo.xxx.com 4.5 GENERIC#0 amd64 -- I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. Bene Gesserit Litany Against Fear.