Date: Wed, 17 Sep 2008 22:58:18 -0400 From: Nathan Lay <nslay@comcast.net> To: "Marc G. Fournier" <scrappy@hub.org> Cc: freebsd-questions@freebsd.org Subject: Re: Auto blacklist ssh connections ... Message-ID: <48D1C3CA.30309@comcast.net> In-Reply-To: <14143EECEC1CC52A4BC39AC3@ganymede.hub.org> References: <14143EECEC1CC52A4BC39AC3@ganymede.hub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I employed this solution: http://johan.fredin.info/openbsd/block_ssh_bruteforce.html You have to enable pf, but man it works and it works well! Best Regards, Nathan Lay Marc G. Fournier wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Does anyone know of a utility that I can use with sshd to auto-block by IP if > there are more then N failed attempts in a row? > > ie: > > # grep "Invalid user" /var/log/auth.log| awk '{print $10}' | sort | uniq -c | > sort -nr > 5268 140.113.210.174 > > 4863 72.52.225.116 > > 3586 116.14.255.141 > > 2918 193.205.186.67 > > 2033 219.76.75.6 > > 1308 216.14.127.67 > > 1059 61.72.106.71 > > 983 93.123.14.9 > > 691 202.75.221.197 > > 649 59.77.33.139 > > 381 201.80.15.207 > > 269 190.10.255.73 > > 212 81.252.254.189 > > 181 123.151.32.12 > > 150 211.21.47.50 > > 139 196.219.63.3 > > 128 200.111.64.171 > > > > This is for one day ... I'd like to be able to throttle so that after X Invalid > user attempts, the IP gets blocked ... > > Possible? > > - -- > Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org) > Email . scrappy@hub.org MSN . scrappy@hub.org > Yahoo . yscrappy Skype: hub.org ICQ . 7615664 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.9 (FreeBSD) > > iEYEARECAAYFAkjRj6EACgkQ4QvfyHIvDvOsYQCgyaB3MhvHJk9qShRlovwSAXxx > 3oQAn2NQ8zLFVO82Udp+mZaojwbfoKmw > =SuAI > -----END PGP SIGNATURE----- > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48D1C3CA.30309>