Date: Mon, 25 Jul 2005 18:28:00 +0200
From: Andreas Pettersson <andpet@telia.com>
To: freebsd-isp@freebsd.org
Subject: Re: ssh brute force
Message-ID: <42E51310.60102@telia.com>
In-Reply-To: <77588585.20050725010451@rulez.sk>
References: <f72a639a050719121244719e22@mail.gmail.com> <42DEAE1F.8000702@novusordo.net> <d64aa176050720174322ebc621@mail.gmail.com> <77588585.20050725010451@rulez.sk>

Daniel Gerzo wrote:

>Hello Chris,
>
>Thursday, July 21, 2005, 2:43:08 AM, you wrote:
>
>>On 7/20/05, Chris Jones <cdjones@novusordo.net> wrote:
>>
>>>I'm looking at having a script look at SSH's log output for repeated
>>>failed connection attempts from the same address, and then blocking that
>>>address through pf (I'm not yet sure whether I want to do it temporarily
>>>or permanently).
>>
>>Matt Dillon wrote an app in C to do just that, with ipfw.
>>http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html
>>
>>Scott Ullrich modified it to work with pf.
>>http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c
>
>I have made security/bruteforceblocker
>It's a Perl script that works with opensshd's logs and pf

And here is another one, similar to Daniel's, but this one uses ipfw
instead, AND another neat thing is that a block isn't permanent. There's
a janitor cleaning up ipfw rules after a specified time.

http://anp.ath.cx/sshit/

I made it the other day, so I haven't had time to hardcore test it. Let
me know if it's not working, or if it is ;-)

/Andreas
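
The approach discussed in this thread (count failed sshd logins per address, block, then let a janitor expire the block) is sketched below as an added example; it is not code from sshit, bruteforceblocker or sshlockout. The thresholds, the sample log lines and the function names are assumptions made for illustration, and the actual ipfw or pf call is left out: the function only returns the block and unblock decisions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is chosen by the remote client, so take the address from the
# end of the line (greedy ".*") instead of the first "from" that appears.
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for .* from (\S+) port \d+(?: ssh2)?$")
MAX_FAILS = 3                      # assumed threshold
WINDOW = timedelta(seconds=60)     # assumed counting window
BLOCK_FOR = timedelta(minutes=5)   # assumed block lifetime

SAMPLE_LOG = """\
Jul 25 18:20:01 gw sshd[4101]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jul 25 18:20:05 gw sshd[4102]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2
Jul 25 18:20:09 gw sshd[4103]: Accepted password for alice from 203.0.113.5 port 5111 ssh2
Jul 25 18:20:12 gw sshd[4104]: Failed password for invalid user x from 198.51.100.7 from 192.0.2.10 port 4024 ssh2
Jul 25 18:20:15 gw sshd[4105]: Failed password for root from 192.0.2.10 port 4025 ssh2
Jul 25 18:26:00 gw sshd[4106]: Failed password for root from 198.51.100.7 port 6001 ssh2
""".splitlines()  # constructed sample lines, documentation addresses only

def parse(line, year=2005):
    m = FAILED.search(line.rstrip())
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group(1)))  # reject anything that is not an address
    except ValueError:
        return None
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S"), ip

def replay(lines):
    fails, blocked, actions = defaultdict(deque), {}, []
    for now, ip in filter(None, map(parse, lines)):
        # Janitor: expire old blocks (driven by log time here, a timer in a daemon).
        for old in [a for a, until in blocked.items() if until <= now]:
            del blocked[old]
            actions.append(("unblock", old, now))
        if ip in blocked:
            continue  # already blocked, nothing more to count
        q = fails[ip]
        q.append(now)
        while now - q[0] > WINDOW:
            q.popleft()
        if len(q) >= MAX_FAILS:
            blocked[ip] = now + BLOCK_FOR
            q.clear()
            actions.append(("block", ip, now))
    return actions
```

Calling `replay(SAMPLE_LOG)` yields one block and one later unblock for 192.0.2.10; the address embedded in the user name on the fourth line is never blocked.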