From owner-freebsd-questions@FreeBSD.ORG Wed Sep 17 23:15:54 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DDA4C106564A for ; Wed, 17 Sep 2008 23:15:54 +0000 (UTC) (envelope-from scrappy@hub.org) Received: from hub.org (hub.org [200.46.204.220]) by mx1.freebsd.org (Postfix) with ESMTP id A83618FC0A for ; Wed, 17 Sep 2008 23:15:49 +0000 (UTC) (envelope-from scrappy@hub.org) Received: from localhost (unknown [200.46.204.183]) by hub.org (Postfix) with ESMTP id 427A01D0C69F for ; Wed, 17 Sep 2008 20:15:47 -0300 (ADT) Received: from hub.org ([200.46.204.220]) by localhost (mx1.hub.org [200.46.204.183]) (amavisd-maia, port 10024) with ESMTP id 03659-02 for ; Wed, 17 Sep 2008 20:15:48 -0300 (ADT) Received: from [192.168.1.2] (blk-224-204-104.eastlink.ca [24.224.204.104]) by hub.org (Postfix) with ESMTPA id 6A7641D0C69A for ; Wed, 17 Sep 2008 20:15:46 -0300 (ADT) Date: Wed, 17 Sep 2008 20:15:45 -0300 From: "Marc G. Fournier" To: freebsd-questions@freebsd.org Message-ID: <14143EECEC1CC52A4BC39AC3@ganymede.hub.org> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Auto blacklist ssh connections ... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Sep 2008 23:15:54 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does anyone know of a utility that I can use with sshd to auto-block by IP if there are more then N failed attempts in a row? ie: # grep "Invalid user" /var/log/auth.log| awk '{print $10}' | sort | uniq -c | sort -nr 5268 140.113.210.174 4863 72.52.225.116 3586 116.14.255.141 2918 193.205.186.67 2033 219.76.75.6 1308 216.14.127.67 1059 61.72.106.71 983 93.123.14.9 691 202.75.221.197 649 59.77.33.139 381 201.80.15.207 269 190.10.255.73 212 81.252.254.189 181 123.151.32.12 150 211.21.47.50 139 196.219.63.3 128 200.111.64.171 This is for one day ... I'd like to be able to throttle so that after X Invalid user attempts, the IP gets blocked ... Possible? - -- Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkjRj6EACgkQ4QvfyHIvDvOsYQCgyaB3MhvHJk9qShRlovwSAXxx 3oQAn2NQ8zLFVO82Udp+mZaojwbfoKmw =SuAI -----END PGP SIGNATURE-----