Hi Daniel, On your web site, you show how easy it is to convert to IPTABLES. I presume then it would be quite easy to reconfigure to use IPFW as well?
Cheers, Paul > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Gerzo > Sent: Wednesday, 25 January 2006 7:58 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: auth.log & intruder prevention > > > On Tue, Jan 24, 2006 at 10:02:26PM +0100, Ilias Sachpazidis wrote: > > Hi Everyone, > > hello, > > > > > In auth.log of my FreeBSD boxes I got many requests to port > 22, as you > > can see below. ----begin of snippet > > Jan 22 11:21:50 zeus sshd[92900]: Failed password for > illegal user cracking > > from 65.208.188.105 port 58344 ssh2 > > Jan 22 11:21:53 zeus sshd[92902]: Failed password for > illegal user hacking > > from 65.208.188.105 port 58443 ssh2 > > ----end of snippet > > > > I am wondering if any script is available to prevent hundreds of > > attempts on port 22 from external IPs that constantly > checking user & > > passwords on my FreeBSD PCs. > > > > What I am looking for is a deamon application/script that > receives the > > recorded data from auth.log and detects if any remote client (IP > > address) is checking user and passwords (Detection pattern: > 5 missing > > attempts in 1 min). On a successful detection, the script > should add > > an ipfw rule rejecting further IP packets from the specific remote > > address. > > > > Is any script or something similar available so far? > > I've written a BruteForceBlocer, you can install it from > ports as well, check security/bruteforceblocker. > > Hope you will like it. > > -- > Sincerely, > Daniel Gerzo > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" > > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"