Hi there.

I manage several different pf firewalls around the country, and so I need to have ssh access allowed. Occasionally, (more and more often lately), I get script kiddies having a go at brute forcing my root password (see below) or brute forcing a selection of guessed account names (like guest, admin, root, ...)

While I have quite secure passwords, the blatting of my console is something I object to quite highly. Is there a way in PF to detect all these failed ssh connection attempts from a single address in a small time period and block them for a given time period?

Is there something else I can use to do this more elegantly?

Thanks!

Tefol


May 20 13:03:29 gateway sshd[25056]: Failed password for root from 69.0.238.65 port 46233 ssh2
May 20 13:03:29 gateway sshd[25056]: Failed password for root from 69.0.238.65 port 46233 ssh2
May 20 13:03:32 gateway sshd[30463]: Failed password for root from 69.0.238.65 port 46283 ssh2
May 20 13:03:32 gateway sshd[30463]: Failed password for root from 69.0.238.65 port 46283 ssh2
May 20 13:03:34 gateway sshd[7587]: Failed password for root from 69.0.238.65 port 46346 ssh2
May 20 13:03:34 gateway sshd[7587]: Failed password for root from 69.0.238.65 port 46346 ssh2
May 20 13:03:37 gateway sshd[3451]: Failed password for root from 69.0.238.65 port 46398 ssh2
May 20 13:03:37 gateway sshd[3451]: Failed password for root from 69.0.238.65 port 46398 ssh2
May 20 13:03:40 gateway sshd[30831]: Failed password for root from 69.0.238.65 port 46453 ssh2
May 20 13:03:40 gateway sshd[30831]: Failed password for root from 69.0.238.65 port 46453 ssh2
May 20 13:03:42 gateway sshd[26410]: Failed password for root from 69.0.238.65 port 46512 ssh2
May 20 13:03:42 gateway sshd[26410]: Failed password for root from 69.0.238.65 port 46512 ssh2
May 20 13:03:45 gateway sshd[23085]: Failed password for root from 69.0.238.65 port 46570 ssh2
May 20 13:03:45 gateway sshd[23085]: Failed password for root from 69.0.238.65 port 46570 ssh2
May 20 13:03:47 gateway sshd[10178]: Failed password for root from 69.0.238.65 port 46627 ssh2
May 20 13:03:47 gateway sshd[10178]: Failed password for root from 69.0.238.65 port 46627 ssh2
May 20 13:03:50 gateway sshd[8567]: Failed password for root from 69.0.238.65 port 46680 ssh2
May 20 13:03:50 gateway sshd[8567]: Failed password for root from 69.0.238.65 port 46680 ssh2
May 20 13:03:53 gateway sshd[28100]: Failed password for root from 69.0.238.65 port 46740 ssh2
May 20 13:03:53 gateway sshd[28100]: Failed password for root from 69.0.238.65 port 46740 ssh2
May 20 13:03:55 gateway sshd[23756]: Failed password for root from 69.0.238.65 port 46792 ssh2
May 20 13:03:55 gateway sshd[23756]: Failed password for root from 69.0.238.65 port 46792 ssh2
May 20 13:03:58 gateway sshd[8601]: Failed password for root from 69.0.238.65 port 46855 ssh2
May 20 13:03:58 gateway sshd[8601]: Failed password for root from 69.0.238.65 port 46855 ssh2
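
The detection asked for above (many failed ssh logins from one address in a short period, then a block for a given time), as an added example that is not part of the original message. The function name, the thresholds, the placeholder year and the constructed log entries are assumptions; how the resulting addresses get into the firewall is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Sample in the syslog format shown in the post. The "invalid user" line and
# the 192.0.2.7 entries are constructed; two lines are repeated, as in the post.
SAMPLE = """\
May 20 13:03:29 gateway sshd[25056]: Failed password for root from 69.0.238.65 port 46233 ssh2
May 20 13:03:29 gateway sshd[25056]: Failed password for root from 69.0.238.65 port 46233 ssh2
May 20 13:03:32 gateway sshd[30463]: Failed password for root from 69.0.238.65 port 46283 ssh2
May 20 13:03:32 gateway sshd[30463]: Failed password for root from 69.0.238.65 port 46283 ssh2
May 20 13:03:34 gateway sshd[7587]: Failed password for root from 69.0.238.65 port 46346 ssh2
May 20 13:03:37 gateway sshd[3451]: Failed password for invalid user guest from 69.0.238.65 port 46398 ssh2
May 20 13:05:10 gateway sshd[4100]: Failed password for admin from 192.0.2.7 port 50111 ssh2
May 20 13:20:00 gateway sshd[4200]: Failed password for admin from 192.0.2.7 port 50200 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port (\d+)")

def find_offenders(lines, max_failures=3, window=timedelta(seconds=30),
                   block_for=timedelta(hours=1), year=2000):
    """Return {source_ip: block_until} for every address that reaches
    max_failures failed logins within `window`. Syslog lines carry no year,
    so `year` is a placeholder used only to build comparable timestamps."""
    seen = set()                  # events already counted
    recent = defaultdict(deque)   # source -> failure times inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        stamp, pid, src, port = m.groups()
        # Assumption: an identical (time, pid, source, port) line is the same
        # event logged twice, as in the post, and is counted once.
        if (stamp, pid, src, port) in seen:
            continue
        seen.add((stamp, pid, src, port))
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        times = recent[src]
        times.append(when)
        while when - times[0] > window:   # drop failures older than the window
            times.popleft()
        if len(times) >= max_failures:
            blocked[src] = when + block_for   # extend the block on each new hit
    return blocked

if __name__ == "__main__":
    for src, until in find_offenders(SAMPLE.splitlines()).items():
        print(f"block {src} until {until:%b %d %H:%M:%S}")
```
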



