Date:      Thu, 26 Jan 2006 11:05:07 +0800
From:      "Paul Hamilton" <paulh@bdug.org.au>
To:        "'Daniel Gerzo'" <danger@rulez.sk>, <Ilias.Sachpazidis@igd.fraunhofer.de>
Cc:        questions@freebsd.org
Subject:   RE: auth.log & intruder prevention
Message-ID:  <00ee01c62225$4fb3de00$6600a8c0@w2k2>
In-Reply-To: <20060124235744.GA99424@daemon.rulez.sk>

Hi Daniel,

On your web site, you show how easy it is to convert to IPTABLES.  I presume
then it would be quite easy to reconfigure to use IPFW as well?

Cheers,

Paul

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Daniel Gerzo
> Sent: Wednesday, 25 January 2006 7:58 AM
> To: Ilias.Sachpazidis@igd.fraunhofer.de
> Cc: questions@freebsd.org
> Subject: Re: auth.log & intruder prevention
>
> On Tue, Jan 24, 2006 at 10:02:26PM +0100, Ilias Sachpazidis wrote:
> > Hi Everyone,
>
> hello,
>
> >
> > In auth.log of my FreeBSD boxes I got many requests to port 22, as you
> > can see below.
> > ----begin of snippet
> > Jan 22 11:21:50 zeus sshd[92900]: Failed password for illegal user cracking from 65.208.188.105 port 58344 ssh2
> > Jan 22 11:21:53 zeus sshd[92902]: Failed password for illegal user hacking from 65.208.188.105 port 58443 ssh2
> > ----end of snippet
> >
> > I am wondering if any script is available to prevent hundreds of
> > attempts on port 22 from external IPs that are constantly checking user &
> > passwords on my FreeBSD PCs.
> >
> > What I am looking for is a daemon application/script that receives the
> > recorded data from auth.log and detects if any remote client (IP
> > address) is checking user and passwords (Detection pattern: 5 missing
> > attempts in 1 min). On a successful detection, the script should add
> > an ipfw rule rejecting further IP packets from the specific remote
> > address.
> >
> > Is any script or something similar available so far?
>
> I've written a BruteForceBlocker, you can install it from
> ports as well, check security/bruteforceblocker.
>
> Hope you will like it.
>
> --
> Sincerely,
>    Daniel Gerzo
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
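
The detection pattern asked for in the quoted message (5 failed attempts from one address within 1 minute, then an ipfw deny rule), as an added example that is not part of this thread and is not BruteForceBlocker's code. The IPv4-only check, rule number 1000, the `year` argument (syslog timestamps carry none) and every sample line are assumptions constructed here; the commands are only generated, not executed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at both ends: the user name is chosen by the remote client, so the
# address is read only from the fixed tail of the line, never by loose search.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:illegal|invalid) user )?.* from (\S+) port \d+ ssh2$")

def find_offenders(lines, year, limit=5, window=timedelta(minutes=1), allow=()):
    """Return addresses with `limit` failures inside `window`, in detection order."""
    recent = defaultdict(deque)          # address -> timestamps of recent failures
    offenders = []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            addr = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue                     # not a literal address: never pass it on
        if addr in allow or addr in offenders:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[addr]
        q.append(when)
        while when - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= limit:
            offenders.append(addr)
    return offenders

def ipfw_commands(addrs, rule=1000):
    """Build (not run) one ipfw deny rule per offending address."""
    return [f"ipfw -q add {rule} deny ip from {a} to any" for a in addrs]

# Constructed sample, in the format of the log lines quoted above.
SAMPLE = (
    [f"Jan 22 11:21:{s:02d} zeus sshd[929{s:02d}]: Failed password for illegal "
     f"user u{s} from 65.208.188.105 port 58344 ssh2" for s in range(50, 60, 2)]
    # slow client: one failure every two minutes, never 5 within a minute
    + [f"Jan 22 11:{m:02d}:00 zeus sshd[100]: Failed password for root "
       f"from 192.0.2.7 port 4000 ssh2" for m in range(22, 32, 2)]
    # user name that imitates the log tail; the real source is 198.51.100.4
    + [f"Jan 22 11:40:{s:02d} zeus sshd[200]: Failed password for illegal user x "
       f"from 203.0.113.9 port 1 ssh2 from 198.51.100.4 port 4001 ssh2"
       for s in range(5)])
```

Passing the administrator's own addresses in `allow` keeps a few mistyped passwords from producing a rule that locks them out.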



