Date: Wed, 13 Oct 2004 10:04:24 -0400
From: "Brian J. McGovern" <bmcgover@cisco.com>
To: questions@freebsd.org
Subject: Automatic Firewall software?
Message-ID: <200410131404.i9DE4ONU047345@bmcgover-pc.cisco.com>

All,

This morning, I woke up to find one of my systems under hacker attack (considerable multiple attempts to log in to ftp, ssh, etc., mostly using system accounts). I loaded ipfw and set up a couple of quick rules to block the point of origin. Unfortunately, the address appears to be DHCP'ed, so I expect the hacker will at some point get a new address, and start over.

Rather than having to hang over my machine, is there any software out there that will monitor logs (e.g. /var/log/messages), parse out failed logins like this, and run an ipfw command to block it? Perhaps something can be done via PAM?

An added extra bonus would be if it would unblock after some period of time, in case a legit. user bungles their password, and can't get in (saves the service call).

-Brian
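
A sketch of the watch-the-log, block, and timed-unblock loop the message asks about, added here as an example; it is not from the original post or from any FreeBSD tool. It assumes sshd "Failed password" syslog lines, an already loaded rule `deny ip from table(1) to any`, and hypothetical thresholds, and it only builds the ipfw command strings rather than running them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Only dotted-quad addresses are captured, so no other log text reaches ipfw.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for "
                    r"(?:invalid user |illegal user )?\S+ from "
                    r"(\d{1,3}(?:\.\d{1,3}){3}) ")
TABLE = 1                          # assumed: "deny ip from table(1) to any" is loaded
MAX_FAILURES = 3                   # assumed threshold
WINDOW = timedelta(minutes=5)      # failures must fall inside this window
BLOCK_FOR = timedelta(minutes=30)  # block is lifted after this long

def plan_commands(lines, table=TABLE):
    """Return, in order, the ipfw commands the log lines call for."""
    recent = defaultdict(deque)    # address -> times of recent failures
    blocked = {}                   # address -> time the block expires
    commands = []
    for line in lines:
        now = datetime.strptime(line[:15], "%b %d %H:%M:%S")
        # Lift expired blocks (a daemon would also do this on a timer).
        for addr in [a for a, until in blocked.items() if until <= now]:
            del blocked[addr]
            commands.append(f"ipfw table {table} delete {addr}")
        match = FAILED.search(line)
        if not match or match.group(1) in blocked:
            continue
        addr = match.group(1)
        times = recent[addr]
        times.append(now)
        while now - times[0] > WINDOW:
            times.popleft()
        if len(times) >= MAX_FAILURES:
            blocked[addr] = now + BLOCK_FOR
            commands.append(f"ipfw table {table} add {addr}")
    return commands

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG = """\
Oct 13 09:58:01 host sshd[601]: Failed password for root from 192.0.2.10 port 4022 ssh2
Oct 13 09:58:03 host sshd[601]: Failed password for bin from 192.0.2.10 port 4022 ssh2
Oct 13 09:58:04 host sshd[640]: Failed password for brian from 198.51.100.7 port 3301 ssh2
Oct 13 09:58:06 host sshd[602]: Failed password for daemon from 192.0.2.10 port 4023 ssh2
Oct 13 09:58:09 host sshd[640]: Accepted password for brian from 198.51.100.7 port 3301 ssh2
Oct 13 10:30:00 host sshd[700]: Failed password for root from 203.0.113.5 port 5000 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(plan_commands(SAMPLE_LOG)))
```

In the sample, the address with three failures in the window is added to the table and removed once the 30-minute block has passed, while the user with a single mistyped password is never blocked.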