From: Simon Dick
To: Andrew McNaughton
Cc: freebsd-isp@freebsd.org, Andreas Pettersson
Subject: Re: ssh brute force
Date: Tue, 26 Jul 2005 09:33:27 +0100

On Tue, 2005-07-26 at 17:52 +1200, Andrew McNaughton wrote:
> On Mon, 25 Jul 2005, Andreas Pettersson wrote:
>
> > Daniel Gerzo wrote:
> >
> > And here is another one, similar to Daniel's, but this one uses ipfw instead,
> > AND another neat thing is that a block isn't permanent. There's a janitor
> > cleaning up ipfw rules after a specified time.
> >
> > http://anp.ath.cx/sshit/
> >
> > I made it the other day, so I haven't had time to hardcore test it.
> > Let me know if it's not working, or if it is ;-)
> >
>
> Rather than having a whole bunch of processes running doing this sort of
> thing, at least some of which are important enough to need monitoring
> themselves (eg in my case pop based smtp authentication), it would be nice
> to have a single process monitoring log activity, with some sort of plugin
> system for adding various functionality for monitoring different things
> and taking various actions.
>
> Anyone know of such a beast? Perl preferred.

security/swatch perhaps?

--
Simon Dick
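
The design discussed in this thread (one process watching the logs, per-service plugins, temporary ipfw blocks removed by a janitor) can be sketched as follows. This is an added example, not code from the thread, from sshit or from swatch; the class names, thresholds, rule numbers and the `examplepop3d` log format are assumptions, and the ipfw commands are returned as strings rather than executed.

```python
import re
from collections import defaultdict, deque, namedtuple
# One plugin = a log pattern plus policy: threshold hits in window s => block for ttl s.
Plugin = namedtuple("Plugin", "name regex threshold window ttl")

class Monitor:
    def __init__(self, plugins, first_rule=20000):  # rule range is an assumption
        self.plugins, self.next_rule = plugins, first_rule
        self.hits = defaultdict(deque)  # (plugin name, ip) -> recent hit times
        self.blocks = {}                # ip -> (ipfw rule number, expiry time)

    def janitor(self, now):
        """Return delete commands for blocks whose lifetime has passed."""
        expired = [ip for ip, (_, exp) in self.blocks.items() if exp <= now]
        return [f"ipfw delete {self.blocks.pop(ip)[0]}" for ip in expired]

    def feed(self, now, line):
        """Handle one log line; return the ipfw commands it triggers (not run)."""
        cmds = self.janitor(now)
        for p in self.plugins:
            m = p.regex.search(line)
            if not m or m["ip"] in self.blocks:
                continue
            q = self.hits[(p.name, m["ip"])]
            q.append(now)
            while now - q[0] > p.window:  # forget hits outside the window
                q.popleft()
            if len(q) >= p.threshold:
                self.blocks[m["ip"]] = (self.next_rule, now + p.ttl)
                cmds.append(f"ipfw add {self.next_rule} deny ip from {m['ip']} to any")
                self.next_rule += 1
                del self.hits[(p.name, m["ip"])]
        return cmds

    def run(self, events):
        return [c for now, line in events for c in self.feed(now, line)]

SSH = Plugin("sshd", re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>[\d.]+)"), 3, 60, 600)
# Hypothetical daemon name and log format, made up for this example.
POP = Plugin("pop3", re.compile(r"examplepop3d\[\d+\]: auth failed .*ip=(?P<ip>[\d.]+)"), 2, 60, 300)
SAMPLE = [  # constructed (seconds, log line) pairs; documentation addresses
    (0, "host sshd[411]: Failed password for root from 192.0.2.10 port 4001 ssh2"),
    (5, "host sshd[412]: Failed password for root from 192.0.2.10 port 4002 ssh2"),
    (12, "host sshd[413]: Failed password for invalid user admin from 192.0.2.10 port 4003 ssh2"),
    (20, "host examplepop3d[77]: auth failed user=bob ip=203.0.113.5"),
    (25, "host examplepop3d[78]: auth failed user=bob ip=203.0.113.5"),
    (700, "host sshd[500]: Accepted password for simon from 198.51.100.7 port 5000 ssh2"),
]
```

`Monitor([SSH, POP]).run(SAMPLE)` yields the two `ipfw add` commands followed by the two `ipfw delete` commands the janitor issues once the blocks expire.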