From owner-freebsd-security@FreeBSD.ORG  Wed Mar 21 14:30:08 2007
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 4668916A400
	for <freebsd-security@freebsd.org>;
	Wed, 21 Mar 2007 14:30:08 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from mx00.pub.collaborativefusion.com
	(mx00.pub.collaborativefusion.com [206.210.89.199])
	by mx1.freebsd.org (Postfix) with ESMTP id E768F13C4D5
	for <freebsd-security@freebsd.org>;
	Wed, 21 Mar 2007 14:30:07 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from vanquish.pgh.priv.collaborativefusion.com
	(vanquish.pgh.priv.collaborativefusion.com [192.168.2.61])
	(SSL: TLSv1/SSLv3,256bits,AES256-SHA)
	by wingspan with esmtp; Wed, 21 Mar 2007 10:30:07 -0400
	id 0005646C.4601416F.00014443
Date: Wed, 21 Mar 2007 10:30:06 -0400
From: Bill Moran <wmoran@collaborativefusion.com>
To: "W. D." <WD@US-Webmasters.com>
Message-Id: <20070321103006.c57729cc.wmoran@collaborativefusion.com>
References: <20070321123033.GD31533@bunrab.catwhisker.org>
	<20070321092724.fd6f1541.wmoran@collaborativefusion.com>
Organization: Collaborative Fusion
X-Mailer: Sylpheed 2.3.1 (GTK+ 2.10.9; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-security@freebsd.org
Subject: Re: Reality check: IPFW sees SSH traffic that sshd does not?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2007 14:30:08 -0000

In response to "W. D." <WD@US-Webmasters.com>:

> At 08:27 3/21/2007, Bill Moran, wrote:
> I run a little script I wrote that automatically adds
> >failed SSH attempts to a table that blocks them from _everything_ in my
> >pf rules. 
> 
> Do you care to share that script?

It's pretty basic, but I will share it.  I've been waiting until I'd been
using it for a while to make sure there weren't any problems.

I'll throw together an explanation and download on a web page some time
this weekend.

-- 
Bill Moran
Collaborative Fusion Inc.