Date:      Tue, 17 Jul 2001 10:21:01 -0700
From:      Bruce Dang <btdang@home.com>
To:        "Jason L. Schwab" <jlschwab@jlschwab.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: login failure question
Message-ID:  <3B5473FD.7D32070C@home.com>
References:  <20010717094033.F3123-100000@mirage.jlschwab.com>

Jason,

You might want to look at the login.conf(5) man page.  Regarding the scans;
in today's Internet, there are 349067239460723986 leeto kids running
around scanning for leeto exploits, so getting scanned on a daily basis
is NORMAL now ;).  So the best you can do is block those IPs. A good
way of logging this stuff is setting
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1

via sysctl(8).  Btw, if you are running telnet, I suggest you close that
and use ssh instead.

Bruce Dang
www.tbug.org

"Jason L. Schwab" wrote:
> 
> Hiya;
> 
>         I run multiple servers running FreeBSD 4.X-S (most of them 4.3-S).
>         Lately, I have been getting a lot of brute force attempts to login
>         into my machine, not that I care, because they don't have a chance
>         of logging in, also I have been getting a lot of port scans, well
>         the port scans I took care of via portsentry and ipfw (freebsd's
>         firewall).
> 
>         What I am wondering is, is there a way, for like after 10 invalid
>         logins from the same host/ip (mask?) can I have login run an ipfw
>         command and block them for like 24 hours or something? I can do
>         the 24 thing, I just need to know how to have login run whatever
>         script I want it to call.
> 
>         Thanks a million.
> 
> -
> 
>  Jason L. Schwab --> <jlschwab@jlschwab.com>
> Unix Systems Administrator && Perl Programmer
>   My PGP Key: finger jlschwab@jlschwab.com
> 
> -
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

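The following shell example is added here and is not from either poster: it counts, per source address, the refused-connection messages that the two log_in_vain sysctls produce and prints (without running) ipfw deny rules for sources at or above a threshold. The "Connection attempt to ..." message wording is an assumption, and the sample lines, addresses, function names and rule numbers are constructed.

```shell
#!/bin/sh
# Added example: summarise log_in_vain kernel messages per source address
# and print (never execute) ipfw deny rules for the noisy ones.

# Constructed sample lines. The "Connection attempt to ..." wording is the
# assumed log_in_vain format; addresses come from documentation ranges.
sample_log() {
cat <<'EOF'
Jul 17 10:01:02 gw /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:4021
Jul 17 10:01:03 gw /kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.7:4022
Jul 17 10:01:03 gw /kernel: Connection attempt to TCP 192.0.2.10:111 from 198.51.100.7:4023
Jul 17 10:01:09 gw /kernel: Connection attempt to UDP 192.0.2.10:137 from 203.0.113.9:137
Jul 17 10:02:11 gw /kernel: Connection attempt to UDP 192.0.2.10:161 from 203.0.113.9:1029
Jul 17 10:02:40 gw /kernel: Connection attempt to TCP 192.0.2.10:80 from 192.0.2.50:3310
Jul 17 10:03:00 gw sshd[311]: an unrelated line that must be ignored
Jul 17 10:03:12 gw /kernel: Connection attempt to UDP 192.0.2.10:53 from 203.0.113.9:1030
Jul 17 10:04:45 gw /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:4050
EOF
}

# vain_offenders THRESHOLD: read syslog lines on stdin and print "count ip"
# for every source with at least THRESHOLD refused connection attempts.
vain_offenders() {
    awk -v min="$1" '
        /Connection attempt to (TCP|UDP) / {
            for (i = 1; i < NF; i++) if ($i == "from") {
                src = $(i + 1)
                sub(/:[0-9]+$/, "", src)        # drop the source port
                # Accept only a dotted quad, so nothing else from the log
                # can reach the generated command line.
                if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[src]++
            }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# block_rules BASE: turn "count ip" lines into ipfw commands numbered from BASE.
block_rules() {
    awk -v n="$1" '{ printf "ipfw add %d deny ip from %s to any\n", n++, $2 }'
}

# Dry run on the constructed sample: threshold 3, rules numbered from 2000.
sample_log | vain_offenders 3 | block_rules 2000
```

Source addresses in these messages are unauthenticated, since UDP packets and TCP SYNs can be spoofed, so review the printed rules before adding any of them.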