On Wed, 17 Sep 2008 20:15:45 -0300 "Marc G. Fournier" <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Does anyone know of a utility that I can use with sshd to
> auto-block by IP if there are more then N failed attempts in a row?
>
> ie:
>
> # grep "Invalid user" /var/log/auth.log| awk '{print $10}' | sort |
> uniq -c | sort -nr
> 5268 140.113.210.174
>
> 4863 72.52.225.116
>
> 3586 116.14.255.141
>
> 2918 193.205.186.67
>
> 2033 219.76.75.6
>
> 1308 216.14.127.67
>
> 1059 61.72.106.71
>
> 983 93.123.14.9
>
> 691 202.75.221.197
>
> 649 59.77.33.139
>
> 381 201.80.15.207
>
> 269 190.10.255.73
>
> 212 81.252.254.189
>
> 181 123.151.32.12
>
> 150 211.21.47.50
>
> 139 196.219.63.3
>
> 128 200.111.64.171
>
>
>
> This is for one day ... I'd like to be able to throttle so that
> after X Invalid user attempts, the IP gets blocked ...
>
> Possible?
security/sshguard
security/blocksshd
security/denyhosts
security/bruteforceblocker
signature.asc
Description: PGP signature
