Date: Thu, 6 Oct 2005 22:35:06 +0200 From: Daniel Gerzo <danger@rulez.sk> To: "Dave" <dmehler26@woh.rr.com> Cc: freebsd-questions@freebsd.org Subject: Re[2]: bruteforceblocker + PF Message-ID: <1475883194.20051006223506@rulez.sk> In-Reply-To: <000b01c5cab3$ef6493f0$0900a8c0@satellite> References: <000b01c5cab3$ef6493f0$0900a8c0@satellite>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Dave, Thursday, October 6, 2005, 10:24:20 PM, you wrote about: > Hello, > I've got bruetforceblocker going with pf, i just installed the port. My > box is a 5.4 machine. I have it going on my lan server, which does ssh for > my network, it's the box you'll hit if you ssh in as opposed to the firewall > box. It's adding ip's to the table, but it's doing it staggeringly, i see > activity in my logs where atempts are made and then the IP's keep coming > back as if they're not being blocked. I'm running BruteForceBlocker on a bunch of the boxes and I have no problem with it. can you check the pf table, if it is growing? Can you also see messages like: User root from 67.15.192.35 not allowed because not listed in AllowUsers 67.15.192.35 was logged with total count of 1. Failed password for invalid user root from 67.15.192.35 port 36082 ssh2 67.15.192.35 was logged with total count of 2. User root from 67.15.192.35 not allowed because not listed in AllowUsers 67.15.192.35 was logged with total count of 3. Failed password for invalid user root from 67.15.192.35 port 36111 ssh2 IP 67.15.192.35 reached the maximum number of failed attempts!!! Adding IP to the firewall... in your auth logfile? If you want to check the pf table use command like: # pfctl -t bruteforce -T show > Thanks. > Dave. -- Best Regards, Daniel Gerzo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1475883194.20051006223506>