Date: Tue, 17 Jul 2001 10:21:01 -0700 From: Bruce Dang <btdang@home.com> To: "Jason L. Schwab" <jlschwab@jlschwab.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: login failure question Message-ID: <3B5473FD.7D32070C@home.com> References: <20010717094033.F3123-100000@mirage.jlschwab.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jason, You might want to look at login.conf(5) man page. Regarding the scans; in today's Internet, there are 349067239460723986 leeto kids running around scanning for leeto exploits, so getting scanned on a daily basis is NORMAL now ;). So the best you can do is block those IPs. An good way of logging these stuff is setting net.inet.tcp.log_in_vain=1 net.inet.udp.log_in_vain=1 via sysctl(8). Btw, if you are running telnet, I suggest you close that and use ssh instead. Bruce Dang www.tbug.org "Jason L. Schwab" wrote: > > Hiya; > > I run multiple servers running FreeBSD 4.X-S (most of them 4.3-S). > Lately, I have been getting alot of brute force attemps to login > into my machine, not that I care, because they dont have a chance > of logging in, also I have been getting alot of port scans, well > the port scans I took care of via portsentry and ipfw (freebsd's > firewall). > > What I am wondering is, is there a way, for like after 10 invalid > logins from the same host/ip (mask?) can I have login run a ipfw > command and block them for like 24 hours or something? I can do > the 24 thing, I just need to know how to have login run whatever > script I want it to call. > > Thanks a million. > > - > > Jason L. Schwab --> <jlschwab@jlschwab.com> > Unix Systems Administrator && Perl Programmer > My PGP Key: finger jlschwab@jlschwab.com > > - > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B5473FD.7D32070C>