From: Vulpes Velox
To: "Marc G. Fournier"
Cc: freebsd-questions@freebsd.org
Date: Wed, 17 Sep 2008 18:27:20 -0500
Subject: Re: Auto blacklist ssh connections ...
Message-ID: <20080917182720.27e9c628@vixen42>
In-Reply-To: <14143EECEC1CC52A4BC39AC3@ganymede.hub.org>

On Wed, 17 Sep 2008 20:15:45 -0300
"Marc G. Fournier" wrote:

> Does anyone know of a utility that I can use with sshd to
> auto-block by IP if there are more than N failed attempts in a row?
>
> ie:
>
> # grep "Invalid user" /var/log/auth.log| awk '{print $10}' | sort |
> uniq -c | sort -nr
> 5268 140.113.210.174
> 4863 72.52.225.116
> 3586 116.14.255.141
> 2918 193.205.186.67
> 2033 219.76.75.6
> 1308 216.14.127.67
> 1059 61.72.106.71
> 983 93.123.14.9
> 691 202.75.221.197
> 649 59.77.33.139
> 381 201.80.15.207
> 269 190.10.255.73
> 212 81.252.254.189
> 181 123.151.32.12
> 150 211.21.47.50
> 139 196.219.63.3
> 128 200.111.64.171
>
> This is for one day ... I'd like to be able to throttle so that
> after X Invalid user attempts, the IP gets blocked ...
>
> Possible?

security/sshguard
security/blocksshd
security/denyhosts
security/bruteforceblocker
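
Added example, not part of the original message and not code from any of the ports named above: the "more than N failed attempts in a row" check from the question, as a shell/awk filter over sshd log lines. The function names, the sample log and its RFC 5737 addresses are constructed for illustration; it only lists candidate IPv4 addresses, and feeding them to a firewall is left to the reader.

```shell
#!/bin/sh
# Constructed sample in the syslog layout sshd writes to /var/log/auth.log.
# The last line has a user name that itself contains "from <ip>".
sample_log() {
cat <<'EOF'
Sep 17 10:00:01 host sshd[101]: Invalid user admin from 192.0.2.10
Sep 17 10:00:03 host sshd[102]: Invalid user test from 192.0.2.10
Sep 17 10:00:05 host sshd[103]: Invalid user oracle from 192.0.2.10
Sep 17 10:01:00 host sshd[104]: Invalid user bob from 198.51.100.7
Sep 17 10:01:05 host sshd[105]: Invalid user bbo from 198.51.100.7
Sep 17 10:01:09 host sshd[106]: Accepted password for bob from 198.51.100.7 port 50022 ssh2
Sep 17 10:01:30 host sshd[107]: Invalid user bob2 from 198.51.100.7
Sep 17 10:02:00 host sshd[108]: Invalid user a from 203.0.113.5 from 192.0.2.99
EOF
}

# invalid_user_offenders N
# Reads log lines on stdin and prints each IPv4 address that reached N
# "Invalid user" failures in a row; a successful login from the same
# address resets its run.
invalid_user_offenders() {
    awk -v limit="${1:-5}" '
    match($0, /sshd\[[0-9]+\]: /) {
        # Classify on the start of the sshd message, not on any substring,
        # because the user name in the line is chosen by the remote side.
        msg = substr($0, RSTART + RLENGTH)
        if (msg ~ /^Invalid user /)  kind = "fail"
        else if (msg ~ /^Accepted /) kind = "ok"
        else next

        # Take the token after the LAST "from": a fixed field such as $10
        # shifts when the user name contains spaces or the word "from".
        ip = ""
        n = split(msg, w, " ")
        for (i = 1; i < n; i++)
            if (w[i] == "from") ip = w[i + 1]
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next

        if (kind == "ok") { run[ip] = 0; next }
        if (++run[ip] >= limit) flagged[ip] = 1
    }
    END { for (ip in flagged) print ip }
    ' | LC_ALL=C sort
}

# Run over the constructed sample with N = 3.
sample_log | invalid_user_offenders 3
```
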