Date: Tue, 26 Jul 2005 09:33:27 +0100 From: Simon Dick <simond@irrelevant.org> To: Andrew McNaughton <andrew@scoop.co.nz> Cc: freebsd-isp@freebsd.org, Andreas Pettersson <andpet@telia.com> Subject: Re: ssh brute force Message-ID: <1122366807.93136.12.camel@laptop.lcn.com> In-Reply-To: <20050726174743.S5699@a2.scoop.co.nz> References: <f72a639a050719121244719e22@mail.gmail.com> <42DEAE1F.8000702@novusordo.net> <d64aa176050720174322ebc621@mail.gmail.com> <77588585.20050725010451@rulez.sk> <42E51310.60102@telia.com> <20050726174743.S5699@a2.scoop.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2005-07-26 at 17:52 +1200, Andrew McNaughton wrote: > On Mon, 25 Jul 2005, Andreas Pettersson wrote: > > > Daniel Gerzo wrote: > > > > And here is another one, similar to Daniel's, but this one uses ipfw instead, > > AND another neat thing is that a block isn't permanent. There's a janitor > > cleaning up ipfw rules after a specified time. > > > > http://anp.ath.cx/sshit/ > > > > I made it the other day, so I haven't had time to hardcore test it. > > Let me know if it's not working, or if it is ;-) > > > > Rather than having a whole bunch of processes running doing this sort of > thing, at least some of which are important enough to need monitoring > themselves (eg in my case pop based smtp authentication), it would be nice > to have a single process monitoring log activity, with some sort of plugin > system for adding various functionality for monitoring different things > and taking various actions. > > Anyone know of such a beast? Perl preferred. security/swatch perhaps? -- Simon Dick <simond@irrelevant.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1122366807.93136.12.camel>