From owner-freebsd-security@FreeBSD.ORG Mon Oct 3 00:48:01 2005
Return-Path:
X-Original-To: freebsd-security@FreeBSD.org
Delivered-To: freebsd-security@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1CFAA16A41F;
	Mon, 3 Oct 2005 00:48:01 +0000 (GMT)
	(envelope-from lists@subhi.com)
Received: from chi-2.us.vhost.org (chi-2.us.vhost.org [198.63.211.131])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CC30143D45;
	Mon, 3 Oct 2005 00:48:00 +0000 (GMT)
	(envelope-from lists@subhi.com)
Received: from [82.111.95.135] (helo=CAESAR)
	by chi-2.us.vhost.org with esmtp (Exim 4.53 (FreeBSD))
	id 1EMEUl-0006lM-6K; Mon, 03 Oct 2005 01:47:55 +0100
Date: Mon, 3 Oct 2005 01:47:54 +0100
From: Subhi S Hashwa
X-Mailer: The Bat! (v3.60.07) Professional
X-Priority: 3 (Normal)
Message-ID: <1323455932.20051003014754@subhi.com>
To: Don Lewis
In-Reply-To: <200510022208.j92M8joS016722@gw.catspoiler.org>
References: <6.2.3.4.2.20051002153930.07a50528@localhost>
	<200510022208.j92M8joS016722@gw.catspoiler.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
Cc: freebsd-security@FreeBSD.org
Subject: Re[2]: Repeated attacks via SSH
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Subhi S Hashwa
List-Id: "Security issues \[members-only posting\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 03 Oct 2005 00:48:01 -0000

Sunday, October 2, 2005, 11:08:45 PM, Don Lewis wrote:

> It's also a good idea to only allow public key authentication from
> remote hosts. This avoids the risks of password guessing and password
> capture by shoulder surfers or key loggers.

I came across this package in ports, which could be useful in this type
of situation

/usr/ports/security/bruteforceblocker

BruteForceBlocker is a script, that works along with pf - OpenBSD's
firewall. When this script is running, it checks sshd's auth log for
Failed Password attempts and counts its number. When given IP reaches
specified number of fails, script adds this IP to the pf's table and
blocks any other traffic to the given box. If you are bored of those
automated auth tries, you will be happy with this script.

WWW: http://danger.rulez.sk/projects/bruteforceblocker/

--
Best regards,
Subhi S Hashwa
mailto:lists@subhi.com

When everything is heading your way, you're in the wrong lane.
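
The count-then-block behaviour described in the port description quoted above, as an added Python example that is not part of the original message and not BruteForceBlocker's own code. The log lines are constructed, and the table name `bruteforce`, the threshold of 3 and the allow list are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Greedy ".*" plus the "$" anchor take the address from the trailing fields
# that sshd writes itself, never from text inside the user-name field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh\d?)?\s*$")

# Constructed sample lines in sshd auth-log format (documentation addresses).
SAMPLE_LOG = """\
Oct  3 00:41:02 host sshd[611]: Failed password for root from 192.0.2.10 port 4021 ssh2
Oct  3 00:41:05 host sshd[613]: Failed password for illegal user admin from ::ffff:192.0.2.10 port 4022 ssh2
Oct  3 00:41:09 host sshd[615]: Failed password for invalid user test from 192.0.2.10 port 4023 ssh2
Oct  3 00:42:11 host sshd[620]: Failed password for alice from 198.51.100.7 port 5100 ssh2
Oct  3 00:42:15 host sshd[621]: Failed password for alice from 198.51.100.7 port 5101 ssh2
Oct  3 00:42:19 host sshd[622]: Failed password for alice from 198.51.100.7 port 5102 ssh2
Oct  3 00:42:30 host sshd[623]: Accepted publickey for alice from 198.51.100.7 port 5103 ssh2
Oct  3 00:43:04 host sshd[631]: Failed password for bob from 203.0.113.5 port 6001 ssh2
"""

def source_ip(line):
    """Return the normalised source address of a failed-password line, or None."""
    m = FAILED.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None           # not an address: ignore rather than guess
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped or ip)  # ::ffff:192.0.2.10 counts as 192.0.2.10

def offenders(log_text, max_fails=3, allow=("198.51.100.7",)):
    """Addresses with at least max_fails failures, skipping the allow list."""
    counts = Counter(ip for ip in map(source_ip, log_text.splitlines()) if ip)
    return sorted(ip for ip, n in counts.items()
                  if n >= max_fails and ip not in allow)

def pf_commands(ips, table="bruteforce"):
    """pfctl invocations that would add each address to the (assumed) pf table."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]

if __name__ == "__main__":
    for cmd in pf_commands(offenders(SAMPLE_LOG)):
        print(cmd)
```

The printed commands only have an effect if pf.conf declares the table and a rule that blocks traffic from it. The allow list keeps an administrator's own address from being locked out after a few mistyped passwords.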