Date: Fri, 7 Oct 2005 10:12:34 +0200
From: Enrique Ayesta Perojo <eayesta@portugalete.uned.es>
To: Daniel Gerzo <danger@rulez.sk>
Cc: questions@freebsd.org
Subject: Re: bruteforceblocker + PF
Message-ID: <200510071012.38464.eayesta@portugalete.uned.es>
In-Reply-To: <867109688.20051006221846@rulez.sk>
References: <867109688.20051006221846@rulez.sk>

On Thursday 06 October 2005 22:18, Daniel Gerzo wrote:
> Hi questions, Enrique Ayesta Perojo,
>
> <snip because I have accidentally lost the thread :-)>
>
> It seems like bruteforceblocker is running, since you can see
> messages in your auth.log. This is good. Could you please provide
> me info, which version of openssh are you using, so I can debug? I
> have some reports that my bruteforceblocker does not work with
> older versions of openssh, since it uses a little bit different
> format of warnings, so my regexps do not apply. Also, please send
> here the format of those messages.
>
> Thank you.

This is the version:

OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e 25 Oct 2004

It's a FreeBSD 5.4-p7 box, and here are some of the messages
at /var/log/auth.log:

Oct 6 18:29:26 fatboy sshd[28472]: Illegal user jack from 63.67.26.114
Oct 6 18:29:26 fatboy sshd[28472]: reverse mapping checking getaddrinfo for host114.nokia-boston.com failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 18:53:33 fatboy sshd[20731]: Illegal user pepito from 10.200.62.201
Oct 5 18:53:33 fatboy sshd[20731]: Failed unknown for illegal user pepito from 10.200.62.201 port 44241 ssh2

Thanks again
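
Added example, not part of the original message and not bruteforceblocker's own code: a matcher that accepts both the "Illegal user" wording quoted above from OpenSSH 3.8.1p1 and the "Invalid user" wording of later OpenSSH releases, and counts one attempt per sshd process even when it logs two lines. The function names, the threshold and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four lines quoted in the message (OpenSSH 3.8.1p1)
# plus two constructed lines in the later "Invalid user" wording.
SAMPLE_LOG = """\
Oct 6 18:29:26 fatboy sshd[28472]: Illegal user jack from 63.67.26.114
Oct 6 18:29:26 fatboy sshd[28472]: reverse mapping checking getaddrinfo for host114.nokia-boston.com failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 18:53:33 fatboy sshd[20731]: Illegal user pepito from 10.200.62.201
Oct 5 18:53:33 fatboy sshd[20731]: Failed unknown for illegal user pepito from 10.200.62.201 port 44241 ssh2
Oct 7 09:00:01 fatboy sshd[30001]: Invalid user admin from 192.0.2.7
Oct 7 09:00:03 fatboy sshd[30002]: Failed password for invalid user test from 192.0.2.7 port 51000 ssh2
"""

SSHD = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Anchored at both ends so the address is only ever taken from the end of
# the message, never from inside the client-supplied user name.
UNKNOWN_USER = re.compile(
    r"^(?:Failed \S+ for )?(?:illegal|invalid) user (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+(?: ssh2)?)?$",
    re.IGNORECASE,
)

def failed_attempts(log_text):
    """Return {ip: set of (pid, user)}; two lines from one sshd pid count once."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue
        hit = UNKNOWN_USER.match(m.group("msg"))
        if hit:
            seen[hit.group("ip")].add((m.group("pid"), hit.group("user")))
    return seen

def offenders(log_text, threshold):
    """Sorted list of IPs with at least `threshold` distinct failed attempts."""
    attempts = failed_attempts(log_text)
    return sorted(ip for ip, tries in attempts.items() if len(tries) >= threshold)

if __name__ == "__main__":
    for ip, tries in failed_attempts(SAMPLE_LOG).items():
        print(ip, len(tries))
```

The "reverse mapping" line is ignored on purpose: it carries a hostname rather than an address, and the same sshd process already logged the address on the line before it.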