Date:      Mon, 13 Nov 2006 16:14:02 +0300
From:      "Maxim Masyukevich" <masyukevich@spiritdsp.com>
To:        "Leo L. Schwab" <ewhac@best.com>, <freebsd-questions@freebsd.org>
Subject:   RE: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
Message-ID:  <AA5A65FC22B6F145830AC0EAC7586A6C028D6A2B@mail-srv.spiritcorp.com>
In-Reply-To: <20061113060528.GA7646@best.com>

Hello ALL!

You just have to use the utility 'DenyHosts', and all your problems will be
solved!
DenyHosts is a remarkable utility! It protects only the ssh service, and
nothing more.
It is easy to configure and very effective in operation.

You can find this utility in the ports collection.

http://denyhosts.net/


Best regards,
Masyukevich Maksim
SPIRIT DSP, www.spiritDSP.com/voip, Embedded Voice Experience
SeeStorm, www.SeeStorm.com, Synthetic Video Conferencing
TeamSpirit - Award-Winning Multi-Point Voice Conferencing Engine

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Leo L. Schwab
Sent: Monday, November 13, 2006 9:05 AM
To: freebsd-questions@freebsd.org
Subject: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

	I recently installed FreeBSD 6.1 on my gateway.  It replaced an
installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I
had disabled the SSH server.  Since all the bugs in SSH are fixed now (
:-) ), I thought I'd leave the server on, and am somewhat dismayed to
discover that I now get occasional brute-force/dictionary attacks on the
port.

	A little Googling revealed a couple of potentially useful tools:
'sshit' and 'bruteblock', both of which notice repeated login attempts
from a given IP address and blackhole it in the firewall.  I first tried
'sshit', but after a couple days, I noticed in my daily reports that I
was still getting lengthy bruteforce attempts, suggesting that 'sshit'
was not working.

	So I uninstalled 'sshit' and installed 'bruteblock'.  But again
a couple days later, the logs showed lengthy bruteforce attempts going
unblocked.

	The relevant lines from my /etc/syslog.conf file are:

----
auth.info;authpriv.info				/var/log/auth.log
auth.info;authpriv.info		| exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf
----

	Any hints as to what I might be doing wrong?

					Thanks,
					Schwab
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"

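What the tools named in this thread do in outline (count repeated failed logins per source address and flag the address for a firewall block), as an added example that is not part of the original thread and is not the code of sshit, bruteblock or DenyHosts. The log lines, thresholds and the function name `offenders` are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of sshd entries in /var/log/auth.log.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Nov 13 03:10:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Nov 13 03:10:03 gw sshd[813]: Failed password for root from 203.0.113.7 port 40120 ssh2
Nov 13 03:10:05 gw sshd[815]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Nov 13 03:10:06 gw sshd[816]: Accepted publickey for schwab from 192.0.2.10 port 51515 ssh2
Nov 13 03:10:08 gw sshd[818]: Failed password for invalid user guest from 203.0.113.7 port 40140 ssh2
Nov 13 03:12:00 gw sshd[830]: Failed password for schwab from 198.51.100.4 port 2201 ssh2
Nov 13 04:30:00 gw sshd[901]: Failed password for schwab from 198.51.100.4 port 2240 ssh2
Nov 13 05:45:00 gw sshd[950]: Failed password for schwab from 198.51.100.4 port 2290 ssh2
"""

# Anchored at the end of the line: the address is taken from sshd's own
# trailing "from <ip> port <n> ssh2" field, never from the user-name field.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def offenders(log_text, max_failures=4, window=timedelta(minutes=10), year=2006):
    """Return {ip: time the threshold was reached} for every address with at
    least max_failures failed logins inside one sliding window.
    Assumes the lines are in chronological order, as syslog writes them."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        # syslog timestamps carry no year, so it is supplied by the caller
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in flagged:
            flagged[m["ip"]] = when   # this is where a firewall rule would be added
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S} block {ip}")
```

With the default window, the slow attempts from 198.51.100.4 stay under the threshold, which is why the window and the failure count have to be tuned together.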

