From owner-freebsd-isp@FreeBSD.ORG  Thu Jul 21 10:51:51 2005
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 93A8116A423
	for <freebsd-isp@freebsd.org>; Thu, 21 Jul 2005 10:51:51 +0000 (GMT)
	(envelope-from todor.dragnev@gmail.com)
Received: from mail.sistechnology.com (torro.sistechnology.com [217.79.65.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4A1ED43D82
	for <freebsd-isp@freebsd.org>; Thu, 21 Jul 2005 10:51:38 +0000 (GMT)
	(envelope-from todor.dragnev@gmail.com)
Received: from localhost (localhost [127.0.0.1])
	by mail.sistechnology.com (Postfix) with ESMTP id 4248D46BE9;
	Thu, 21 Jul 2005 14:42:45 +0300 (EEST)
Received: from mail.sistechnology.com ([217.79.65.130])
	by localhost (torro [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
	id 28935-08; Thu, 21 Jul 2005 14:42:41 +0300 (EEST)
Received: from nova.sistechnology.com (unknown [192.168.7.3])
	by mail.sistechnology.com (Postfix) with ESMTP id 145F846BE1;
	Thu, 21 Jul 2005 14:42:41 +0300 (EEST)
From: Todor Dragnev <todor.dragnev@gmail.com>
To: Chris Buechler <cbuechler@gmail.com>
Date: Thu, 21 Jul 2005 13:49:59 +0300
User-Agent: KMail/1.6.2
References: <f72a639a050719121244719e22@mail.gmail.com>
	<42DEAE1F.8000702@novusordo.net>
	<d64aa176050720174322ebc621@mail.gmail.com>
In-Reply-To: <d64aa176050720174322ebc621@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200507211349.59772.todor.dragnev@gmail.com>
X-Virus-Scanned: by the vKeeper at sistechnology.com
Cc: freebsd-isp@freebsd.org, Chris Jones <cdjones@novusordo.net>
Subject: Re: ssh brute force
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: todor.dragnev@gmail.com
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2005 10:51:51 -0000

Thank you.

On Thursday 21 July 2005 03:43, Chris Buechler wrote:
> On 7/20/05, Chris Jones <cdjones@novusordo.net> wrote:
> > I'm looking at having a script look at SSH's log output for repeated
> > failed connection attempts from the same address, and then blocking that
> > address through pf (I'm not yet sure whether I want to do it temporarily
> > or permanently).
>
> Matt Dillon wrote an app in C to do just that, with ipfw.
> http://leaf.dragonflybsd.org/mailarchive/users/2005-03/msg00008.html
>
> Scott Ullrich modified it to work with pf.
> http://pfsense.org/cgi-bin/cvsweb.cgi/tools/sshlockout_pf.c
>
> -Chris