On Tue, 4 Jun 2013, Tim Daneliuk wrote:
On 06/04/2013 04:51 PM, Doug Hardie wrote:
On 4 June 2013, at 08:47, Tim Daneliuk <tun...@tundraware.com> wrote:
I am seeing login dictionary attacks on a FreeBSD mail server being
reported. Is there a way to determine the IPs that are doing this
so they can be blocked at the firewall? auth.log only
notes the attempted user name, not the IP of origin.
--
I wrote some code to find the appropriate maillog entries which do include
the IP addresses. It automagically adds the IP addresses to the pf
blackhole table if certain criteria is met. The criteria is changeable.
If you would like a copy, let me know.
Yes, I'd love a look at that, thanks.
sshguard is supposed to be capable of analyzing log files beyond just
ssh.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
