Date: Wed, 17 Sep 2008 20:15:45 -0300
From: "Marc G. Fournier" <scrappy@hub.org>
To: freebsd-questions@freebsd.org
Subject: Auto blacklist ssh connections ...
Message-ID: <14143EECEC1CC52A4BC39AC3@ganymede.hub.org>
Does anyone know of a utility that I can use with sshd to auto-block by IP if
there are more than N failed attempts in a row?
ie:
# grep "Invalid user" /var/log/auth.log | awk '{print $10}' | sort | uniq -c | sort -nr
5268 140.113.210.174
4863 72.52.225.116
3586 116.14.255.141
2918 193.205.186.67
2033 219.76.75.6
1308 216.14.127.67
1059 61.72.106.71
983 93.123.14.9
691 202.75.221.197
649 59.77.33.139
381 201.80.15.207
269 190.10.255.73
212 81.252.254.189
181 123.151.32.12
150 211.21.47.50
139 196.219.63.3
128 200.111.64.171
This is for one day ... I'd like to be able to throttle so that after X Invalid
user attempts, the IP gets blocked ...
Possible?
--
Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org)
Email . scrappy@hub.org MSN . scrappy@hub.org
Yahoo . yscrappy Skype: hub.org ICQ . 7615664
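
The threshold check asked about above, as an added example that is not part of the original message: it counts "Invalid user" lines per source address and lists the addresses over a limit. The function names, the sample log and its documentation-range addresses are constructed for illustration; the log format is assumed to match the one the grep above runs against.

```shell
#!/bin/sh
# offenders THRESHOLD [LOGFILE]
# Prints "count address" for every source with more than THRESHOLD
# "Invalid user" lines, highest count first. LOGFILE "-" reads stdin.
offenders() {
    threshold=$1
    logfile=${2:-/var/log/auth.log}
    awk -v max="$threshold" '
        /sshd\[[0-9]+\]: Invalid user / {
            # Use the token after the LAST "from". The user name comes
            # from the client and can itself contain " from 192.0.2.1",
            # so a fixed field number ($10) could be steered at an
            # address the client chose.
            addr = ""
            for (i = 1; i < NF; i++)
                if ($i == "from") addr = $(i + 1)
            # Accept only dotted-quad IPv4 (IPv6 is left out here).
            if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                count[addr]++
        }
        END {
            for (a in count)
                if (count[a] > max) print count[a], a
        }
    ' "$logfile" | sort -k1,1nr -k2,2
}

# Constructed sample log (not real data).
sample_log() {
    cat <<'EOF'
Sep 17 03:10:01 host sshd[4101]: Invalid user admin from 203.0.113.7
Sep 17 03:10:03 host sshd[4102]: Invalid user test from 203.0.113.7
Sep 17 03:10:05 host sshd[4103]: Invalid user oracle from 203.0.113.7
Sep 17 03:10:07 host sshd[4104]: Invalid user x from 192.0.2.1 from 203.0.113.7
Sep 17 03:11:00 host sshd[4110]: Invalid user guest from 198.51.100.9
Sep 17 03:11:02 host sshd[4111]: Invalid user ftp from 198.51.100.9
Sep 17 03:12:00 host sshd[4120]: Accepted publickey for scrappy from 192.0.2.50 port 5022 ssh2
EOF
}

# Usage: sample_log | offenders 3 -
```

The second column of the output is the list that would be handed to the packet filter as addresses to block.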
