On Tue, Jan 24, 2006 at 10:02:26PM +0100, Ilias Sachpazidis wrote: > Hi Everyone,
hello, > > In auth.log of my FreeBSD boxes I got many requests to port 22, as you can > see below. > ----begin of snippet > Jan 22 11:21:50 zeus sshd[92900]: Failed password for illegal user cracking > from 65.208.188.105 port 58344 ssh2 > Jan 22 11:21:53 zeus sshd[92902]: Failed password for illegal user hacking > from 65.208.188.105 port 58443 ssh2 > ----end of snippet > > I am wondering if any script is available to prevent hundreds of attempts on > port 22 from external IPs that constantly checking user & passwords on my > FreeBSD PCs. > > What I am looking for is a deamon application/script that receives the > recorded data from auth.log and detects if any remote client (IP address) is > checking user and passwords (Detection pattern: 5 missing attempts in 1 > min). On a successful detection, the script should add an ipfw rule > rejecting further IP packets from the specific remote address. > > Is any script or something similar available so far? I've written a BruteForceBlocer, you can install it from ports as well, check security/bruteforceblocker. Hope you will like it. -- Sincerely, Daniel Gerzo _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
