From owner-freebsd-questions@FreeBSD.ORG Mon Jun 23 07:27:53 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CEF51A72 for ; Mon, 23 Jun 2014 07:27:53 +0000 (UTC) Received: from mail-ob0-x236.google.com (mail-ob0-x236.google.com [IPv6:2607:f8b0:4003:c01::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9762626A8 for ; Mon, 23 Jun 2014 07:27:53 +0000 (UTC) Received: by mail-ob0-f182.google.com with SMTP id nu7so3527822obb.41 for ; Mon, 23 Jun 2014 00:27:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=iN53JNhFd4QQ//oGfgfLVoB9QBsrCcimVF/+Lbczl0k=; b=T7JrWeNHPBdspowatXfZC4QiyUDZpCu7TOax/rguGmVbP1qp4N+F7oI7QXaNf/2x4H DklCLqIADRRP9wzSkNNRTKqU/FeS79gj47ZN1w/xV2CgsUj1VRridP1UQDzQX6gqgQgy d4c7PA1Tsavxk4al0PftX8wO5pq9QCewnIH74+YyE/q5ze/NV33g7p+Fo67BS+AabheO lp0p766cbmHIAy6p/Ogz74eV20ILIHsv7d73FZUSynn0TVLuezHbN76bTF9nJkztPMSa Hx0A+ATOWxi0Q/7PVurrEg/GHBICLMWnntE23KWg0msVNPNwIi1nX1BU1TMcg2Ntl6l5 aFEg== X-Received: by 10.60.54.101 with SMTP id i5mr18522435oep.10.1403508471499; Mon, 23 Jun 2014 00:27:51 -0700 (PDT) MIME-Version: 1.0 Received: by 10.76.173.129 with HTTP; Mon, 23 Jun 2014 00:27:31 -0700 (PDT) In-Reply-To: References: <20140623004117.GA25023@ozzmosis.com> From: n j Date: Mon, 23 Jun 2014 09:27:31 +0200 Message-ID: Subject: Re: PAM: Authentication Attack? To: "freebsd-questions@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jun 2014 07:27:54 -0000 On Mon, Jun 23, 2014 at 2:46 AM, Chris Maness wrote: > I tried that, but was not working. It seemed to be some > incompatibility with ipfw, and I figured it might be because I am > running 10.0. Maybe some changes in ipfw broke it. It seemed easier > to set up than using it with pf, but I got it working. I like it > better than denyhost that I had been running forever, as it covers > more types of attacks. > > Thanks, > Chirs KQ6UP > > On Sun, Jun 22, 2014 at 5:41 PM, andrew clarke wrote: > > On Sun 2014-06-22 08:28:29 UTC-0700, Chris Maness (chris@chrismaness.com) > wrote: > > > >> After digging around I am going to use sshgaurd-pf. Any opinions on > >> this software? > > > > I use its brother, sshguard-ipfw. It works well, although the FreeBSD > > port has a silly habit of disabling itself whenever you upgrade the > > port. > I also use sshguard-ipfw and find it quite useful. The only problem I experienced is that it core dumps on restart if there is a non-empty blacklist (in /var/db/sshguard/blacklist.db). -- Nino