Date: Thu, 26 Jan 2006 11:05:07 +0800 From: "Paul Hamilton" <paulh@bdug.org.au> To: "'Daniel Gerzo'" <danger@rulez.sk>, <Ilias.Sachpazidis@igd.fraunhofer.de> Cc: questions@freebsd.org Subject: RE: auth.log & intruder prevention Message-ID: <00ee01c62225$4fb3de00$6600a8c0@w2k2> In-Reply-To: <20060124235744.GA99424@daemon.rulez.sk>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Daniel, On your web site, you show how easy it is to convert to IPTABLES. I presume then it would be quite easy to reconfigure to use IPFW as well? Cheers, Paul > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Daniel Gerzo > Sent: Wednesday, 25 January 2006 7:58 AM > To: Ilias.Sachpazidis@igd.fraunhofer.de > Cc: questions@freebsd.org > Subject: Re: auth.log & intruder prevention > > > On Tue, Jan 24, 2006 at 10:02:26PM +0100, Ilias Sachpazidis wrote: > > Hi Everyone, > > hello, > > > > > In auth.log of my FreeBSD boxes I got many requests to port > 22, as you > > can see below. ----begin of snippet > > Jan 22 11:21:50 zeus sshd[92900]: Failed password for > illegal user cracking > > from 65.208.188.105 port 58344 ssh2 > > Jan 22 11:21:53 zeus sshd[92902]: Failed password for > illegal user hacking > > from 65.208.188.105 port 58443 ssh2 > > ----end of snippet > > > > I am wondering if any script is available to prevent hundreds of > > attempts on port 22 from external IPs that constantly > checking user & > > passwords on my FreeBSD PCs. > > > > What I am looking for is a deamon application/script that > receives the > > recorded data from auth.log and detects if any remote client (IP > > address) is checking user and passwords (Detection pattern: > 5 missing > > attempts in 1 min). On a successful detection, the script > should add > > an ipfw rule rejecting further IP packets from the specific remote > > address. > > > > Is any script or something similar available so far? > > I've written a BruteForceBlocer, you can install it from > ports as well, check security/bruteforceblocker. > > Hope you will like it. > > -- > Sincerely, > Daniel Gerzo > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00ee01c62225$4fb3de00$6600a8c0>