From: "Maxim Masyukevich"
To: "Leo L. Schwab"
Date: Mon, 13 Nov 2006 16:14:02 +0300
Subject: RE: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
In-Reply-To: <20061113060528.GA7646@best.com>

Hello ALL!

You just have to use the utility 'DenyHosts', and all your problems will be solved! DenyHosts is a remarkable utility!
It protects only the ssh service, and nothing more. It is easy to adjust and very effective in use. You can find this utility in the ports collection.

http://denyhosts.net/

Best regards,
Masyukevich Maksim

SPIRIT DSP, www.spiritDSP.com/voip, Embedded Voice Experience
SeeStorm, www.SeeStorm.com, Synthetic Video Conferencing
TeamSpirit - Award-Winning Multi-Point Voice Conferencing Engine

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Leo L. Schwab
Sent: Monday, November 13, 2006 9:05 AM
To: freebsd-questions@freebsd.org
Subject: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?

I recently installed FreeBSD 6.1 on my gateway. It replaced an installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had disabled the SSH server. Since all the bugs in SSH are fixed now ( :-) ), I thought I'd leave the server on, and am somewhat dismayed to discover that I now get occasional brute-force/dictionary attacks on the port.

A little Googling revealed a couple of potentially useful tools: 'sshit' and 'bruteblock', both of which notice repeated login attempts from a given IP address and blackhole it in the firewall.

I first tried 'sshit', but after a couple days, I noticed in my daily reports that I was still getting lengthy bruteforce attempts, suggesting that 'sshit' was not working. So I uninstalled 'sshit' and installed 'bruteblock'. But again a couple days later, the logs showed lengthy bruteforce attempts going unblocked.

The relevant lines from my /etc/syslog.conf file are:

----
auth.info;authpriv.info				/var/log/auth.log
auth.info;authpriv.info				| exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf
----

Any hints as to what I might be doing wrong?

Thanks,
Schwab
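
Added example (not part of either message above, and not code from sshit, bruteblock or DenyHosts): a sketch of the detection step these tools share, counting failed sshd logins per source address inside a sliding time window. The log lines are constructed samples using documentation addresses, and the function name, thresholds and year default are assumptions. A pattern that does not match what the local sshd actually writes flags nothing, which is one thing to check when a blocker appears idle.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in syslog/sshd style; hosts, users and IPs are made up.
SAMPLE_LOG = """\
Nov 13 06:00:00 gw sshd[4100]: Failed password for root from 198.51.100.7 port 51000 ssh2
Nov 13 06:01:02 gw sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Nov 13 06:01:05 gw sshd[4102]: Failed password for invalid user test from 192.0.2.10 port 40115 ssh2
Nov 13 06:01:07 gw sshd[4103]: Accepted publickey for alice from 203.0.113.5 port 50022 ssh2
Nov 13 06:01:09 gw sshd[4104]: Failed password for root from 192.0.2.10 port 40119 ssh2
Nov 13 06:05:00 gw sshd[4110]: Failed password for root from 198.51.100.7 port 51004 ssh2
Nov 13 06:10:00 gw sshd[4120]: Failed password for root from 198.51.100.7 port 51009 ssh2
"""

# Only "Failed <method> for ..." lines count. sshd also logs a separate
# "Invalid user" line for the same attempt, which would double count.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:(?:invalid|illegal) user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
)

def offenders(lines, max_failures=3, window=timedelta(minutes=1), year=2006):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAILURE.match(line)
        if not m or m["ip"] in flagged:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > window:   # drop failures older than the window
            hits.popleft()
        if len(hits) >= max_failures:
            flagged[m["ip"]] = when      # a real tool would add a firewall rule here
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} crossed the threshold at {when}")
```

With the one-minute window, the slow source 198.51.100.7 is never flagged; widening the window to 15 minutes catches it.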