Date: Sat, 8 Apr 2023 16:16:33 +0200
From: Moin Rahman <bofh@freebsd.org>
To: Pete Wright <pete@nomadlogic.org>
Cc: ports@freebsd.org
Subject: Re: security/portsentry removal
Message-ID: <23E20653-1D31-40F6-91DA-3797475379E1@freebsd.org>
In-Reply-To: <b134b226-0eae-ec7c-b947-b04233d6faef@nomadlogic.org>
References: <0bfd94dd-5be3-6461-cb98-db1a1664e220@netfence.it> <3d779c56-236d-f18b-5ac0-71f6580bb498@bluerosetech.com> <a8619455-ae93-6bfd-fc5e-b0f66d8ffde7@netfence.it> <b134b226-0eae-ec7c-b947-b04233d6faef@nomadlogic.org>

> On Apr 8, 2023, at 3:55 PM, Pete Wright <pete@nomadlogic.org> wrote:
>
>
> On 4/8/23 12:47 AM, Andrea Venturoli wrote:
>> On 4/8/23 04:56, Mel Pilgrim wrote:
>>
>>>> Can anyone suggest something equivalent in the port tree?
>>>
>>> Have a look at fail2ban. Its design intent is monitoring running services, but really it's just a set of log file regex filters. Anything that logs network activity can feed it.
>>
>> Hello and thanks for answering.
>> In fact I'm already using fail2ban for "running" services.
>>
>> Portsentry is a bit different, in that it's conceived to listen on ports used by non-running services.
>> I.e.
>> Got a SMTP server? Let fail2ban check its logs.
>> No? Let portsentry listen on port 25.
>>
>> I thought about writing regexes for fail2ban to check if ipfw denied access to ports where portsentry used to listen.
>> So far it's the best idea I've come up with, but I hoped for something simpler (i.e. more close to how portsentry worked).
>>
>
> would blacklistd(8) meet your requirements? i use it to block ssh login spammers with decent success. it's part of the base system as well, but does require pf.
>
> -p
>
>

blacklistd is a good product as it's available out of the box; however, from my experience fail2ban does a better job. As far as I recall, blacklistd is supported only by ssh and postfix. One more thing is that blacklistd does not detect brute force attack of invalid users in ssh.

Kind regards,
Moin (with all hats off)
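
The idea quoted above (matching ipfw deny log lines for ports where portsentry used to listen, the way a fail2ban filter would) can be sketched as follows. This is an added example, not code from anyone in the thread. The ipfw log line layout, the decoy port set, the thresholds and the sample log lines are assumptions constructed for illustration, and the pattern covers IPv4 only.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed ipfw syslog layout (deny rule carries "log", net.inet.ip.fw.verbose=1):
#   <ts> <host> kernel: ipfw: <rule> Deny <PROTO> <src>:<sport> <dst>:<dport> in via <if>
DENY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: ipfw: \d+ Deny "
    r"(?:TCP|UDP) (?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) in via \S+"
)

DECOY_PORTS = {23, 25, 110}     # hypothetical: ports with no service behind them
MAX_HITS = 2                    # hypothetical threshold, like fail2ban's maxretry
WINDOW = timedelta(minutes=10)  # hypothetical window, like fail2ban's findtime

# Constructed sample log; addresses are documentation ranges.
SAMPLE_LOG = """\
Apr  8 10:00:01 gw kernel: ipfw: 65000 Deny TCP 203.0.113.7:40112 192.0.2.10:25 in via em0
Apr  8 10:00:05 gw kernel: ipfw: 65000 Deny TCP 203.0.113.7:40113 192.0.2.10:23 in via em0
Apr  8 10:01:00 gw kernel: ipfw: 65000 Deny TCP 198.51.100.9:51000 192.0.2.10:443 in via em0
Apr  8 10:02:00 gw kernel: ipfw: 65000 Deny TCP 198.51.100.20:33001 192.0.2.10:25 in via em0
Apr  8 10:30:00 gw kernel: ipfw: 65000 Deny TCP 198.51.100.20:33002 192.0.2.10:110 in via em0
Apr  8 10:31:00 gw kernel: ipfw: 100 Accept TCP 203.0.113.50:2222 192.0.2.10:22 in via em0
"""


def ban_candidates(log_text, year=2023):
    """Return sources with MAX_HITS denied probes to decoy ports within WINDOW."""
    hits = defaultdict(list)
    flagged = []
    for line in log_text.splitlines():
        m = DENY_RE.match(line)
        if not m or int(m["dport"]) not in DECOY_PORTS:
            continue  # not a deny line, or a port we do not treat as a decoy
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        hits[src] = [t for t in hits[src] if ts - t <= WINDOW] + [ts]
        if len(hits[src]) >= MAX_HITS and src not in flagged:
            flagged.append(src)
    return flagged


if __name__ == "__main__":
    print(ban_candidates(SAMPLE_LOG))
```

In the sample, only the source that hits two decoy ports within the window is flagged; the denied probe to port 443 and the two hits spaced 28 minutes apart are not.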