From: "Paul Hamilton"
To: "'Daniel Gerzo'"
Cc: questions@freebsd.org
Date: Thu, 26 Jan 2006 11:05:07 +0800
Subject: RE: auth.log & intruder prevention

Hi Daniel,

On your web site, you show how easy it is to convert to IPTABLES. I presume then it would be quite easy to reconfigure to use IPFW as well?

Cheers,
Paul

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Daniel Gerzo
> Sent: Wednesday, 25 January 2006 7:58 AM
> To: Ilias.Sachpazidis@igd.fraunhofer.de
> Cc: questions@freebsd.org
> Subject: Re: auth.log & intruder prevention
>
> On Tue, Jan 24, 2006 at 10:02:26PM +0100, Ilias Sachpazidis wrote:
> > Hi Everyone,
>
> hello,
>
> > In auth.log of my FreeBSD boxes I got many requests to port 22, as you
> > can see below.
> > ----begin of snippet
> > Jan 22 11:21:50 zeus sshd[92900]: Failed password for illegal user cracking from 65.208.188.105 port 58344 ssh2
> > Jan 22 11:21:53 zeus sshd[92902]: Failed password for illegal user hacking from 65.208.188.105 port 58443 ssh2
> > ----end of snippet
> >
> > I am wondering if any script is available to prevent hundreds of
> > attempts on port 22 from external IPs that are constantly checking user &
> > passwords on my FreeBSD PCs.
> >
> > What I am looking for is a daemon application/script that receives the
> > recorded data from auth.log and detects if any remote client (IP
> > address) is checking user and passwords (Detection pattern: 5 missing
> > attempts in 1 min). On a successful detection, the script should add
> > an ipfw rule rejecting further IP packets from the specific remote
> > address.
> >
> > Is any script or something similar available so far?
>
> I've written a BruteForceBlocker, you can install it from
> ports as well, check security/bruteforceblocker.
>
> Hope you will like it.
>
> --
> Sincerely,
> Daniel Gerzo
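
The detection pattern asked for in the thread (5 failed attempts from one address within 1 minute, answered with an ipfw deny rule) can be sketched as follows. This is an added example, not part of the original messages and not BruteForceBlocker's code. The function names, the whitelist parameter, the sample log lines and the need to supply the year (syslog timestamps carry none) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure lines as quoted in the thread. The greedy ".*" plus the "$"
# anchor take the address from the END of the line, so text inside the
# client-supplied user name cannot change which address is counted.
FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_offenders(lines, year, threshold=5, window=timedelta(minutes=1)):
    """Return addresses with >= threshold failures inside one sliding window."""
    recent = defaultdict(deque)   # address -> timestamps still inside the window
    offenders = []
    for line in lines:            # assumes the log is in chronological order
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen = recent[m["ip"]]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()        # drop failures older than the window
        if len(seen) >= threshold and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders

def ipfw_rules(addresses, whitelist=()):
    """Render one ipfw deny rule per address, skipping whitelisted management hosts."""
    return [f"ipfw add deny ip from {a} to any" for a in addresses if a not in whitelist]

# Constructed sample log (documentation addresses, not taken from the thread).
SAMPLE = """\
Jan 22 11:21:50 host sshd[101]: Failed password for illegal user a from 203.0.113.7 port 58344 ssh2
Jan 22 11:21:53 host sshd[102]: Failed password for illegal user b from 203.0.113.7 port 58443 ssh2
Jan 22 11:21:56 host sshd[103]: Failed password for root from 203.0.113.7 port 58501 ssh2
Jan 22 11:21:59 host sshd[104]: Failed password for illegal user c d from 203.0.113.7 port 58560 ssh2
Jan 22 11:22:02 host sshd[105]: Failed password for admin from 203.0.113.7 port 58611 ssh2
Jan 22 11:25:00 host sshd[106]: Failed password for paul from 198.51.100.9 port 40122 ssh2
Jan 22 11:40:00 host sshd[107]: Failed password for paul from 198.51.100.9 port 40188 ssh2
Jan 22 11:40:05 host sshd[108]: Accepted password for paul from 198.51.100.9 port 40190 ssh2
"""

if __name__ == "__main__":
    for rule in ipfw_rules(find_offenders(SAMPLE.splitlines(), 2006)):
        print(rule)
```

The rules are only printed, not applied, so the output can be reviewed before being fed to ipfw as root.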