From owner-freebsd-security Tue Jul 17 8:43:32 2001 Delivered-To: freebsd-security@freebsd.org Received: from mirage.jlschwab.com (cc1035823-c.sandia1.nm.home.com [24.179.146.111]) by hub.freebsd.org (Postfix) with ESMTP id 0B86F37B405 for ; Tue, 17 Jul 2001 08:43:25 -0700 (PDT) (envelope-from jlschwab@jlschwab.com) Received: by mirage.jlschwab.com (Postfix, from userid 1000) id 997143E99; Tue, 17 Jul 2001 09:43:23 -0600 (MDT) Received: from localhost (localhost [127.0.0.1]) by mirage.jlschwab.com (Postfix) with ESMTP id 92FEA7CA8 for ; Tue, 17 Jul 2001 09:43:23 -0600 (MDT) Date: Tue, 17 Jul 2001 09:43:23 -0600 (MDT) From: "Jason L. Schwab" To: Subject: login failure question Message-ID: <20010717094033.F3123-100000@mirage.jlschwab.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hiya; I run multiple servers running FreeBSD 4.X-S (most of them 4.3-S). Lately, I have been getting alot of brute force attemps to login into my machine, not that I care, because they dont have a chance of logging in, also I have been getting alot of port scans, well the port scans I took care of via portsentry and ipfw (freebsd's firewall). What I am wondering is, is there a way, for like after 10 invalid logins from the same host/ip (mask?) can I have login run a ipfw command and block them for like 24 hours or something? I can do the 24 thing, I just need to know how to have login run whatever script I want it to call. Thanks a million. - Jason L. Schwab --> Unix Systems Administrator && Perl Programmer My PGP Key: finger jlschwab@jlschwab.com - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message