I recently installed FreeBSD 6.1 on my gateway.  It replaced an
installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had
disabled the SSH server.  Since all the bugs in SSH are fixed now ( :-) ), I
thought I'd leave the server on, and am somewhat dismayed to discover that I
now get occasional brute-force/dictionary attacks on the port.

        A little Googling revealed a couple of potentially useful tools:
'sshit' and 'bruteblock', both of which notice repeated login attempts from
a given IP address and blackhole it in the firewall.  I first tried 'sshit',
but after a couple days, I noticed in my daily reports that I was still
getting lengthy bruteforce attempts, suggesting that 'sshit' was not working.

        So I uninstalled 'sshit' and installed 'bruteblock'.  But again a
couple days later, the logs showed lengthy bruteforce attempts going
unblocked.

        The relevant lines from my /etc/syslog.conf file are:

----
auth.info;authpriv.info                         /var/log/auth.log
auth.info;authpriv.info         | exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf
----

        Any hints as to what I might be doing wrong?

                                        Thanks,
                                        Schwab
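
The kind of check the message describes (read the sshd lines that syslogd pipes to a program, count repeated failures per address, flag the address past a threshold), as an added example; it is not part of the original post and is not the code of 'sshit' or 'bruteblock'. The log line shapes, the host name "gw", the threshold, the window and the year are assumptions, the sample lines are constructed, and the firewall action itself is left out.

```python
import re
import sys
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed sshd message shapes. The user field is greedy and the pattern is anchored
# at end of line, so text inside a username cannot shift the address that is matched.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed \S+ for .*|(?:Invalid|Illegal) user .*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?(?: ssh\d)?$")

class Detector:
    """Sliding window: flag an IP after max_count failures inside window."""
    def __init__(self, max_count=4, window=timedelta(seconds=60), year=2006):
        self.max_count, self.window, self.year = max_count, window, year
        self.hits = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked = set()             # already reported, not counted again

    def feed(self, line):
        """Return the IP to block if this line crosses the threshold, else None."""
        m = FAIL_RE.match(line.rstrip("\n"))
        if not m or m["ip"] in self.blocked:
            return None
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{self.year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = self.hits[m["ip"]]
        q.append(ts)
        while ts - q[0] > self.window:   # forget failures older than the window
            q.popleft()
        if len(q) < self.max_count:
            return None
        self.blocked.add(m["ip"])
        return m["ip"]

def run(lines, **kw):
    """Feed lines in order; return the IPs flagged, in the order flagged."""
    det = Detector(**kw)
    return [ip for ip in map(det.feed, lines) if ip]

# Constructed sample input: documentation addresses, hypothetical host "gw".
SAMPLE = [
    "Oct 12 03:14:01 gw sshd[811]: Illegal user admin from 192.0.2.10",
    "Oct 12 03:14:03 gw sshd[811]: Failed password for illegal user admin from 192.0.2.10 port 4100 ssh2",
    "Oct 12 03:14:05 gw sshd[812]: Failed password for root from 192.0.2.10 port 4101 ssh2",
    "Oct 12 03:14:09 gw sshd[813]: Failed password for illegal user x from 203.0.113.9 from 192.0.2.10 port 4102 ssh2",
] + [f"Oct 12 03:{m}:00 gw sshd[820]: Failed password for root from 198.51.100.7 port 5000 ssh2" for m in (20, 25, 30)]

if __name__ == "__main__":  # under syslogd the lines would arrive on stdin
    print(run(SAMPLE if sys.stdin.isatty() else sys.stdin))
```

Feeding a saved copy of /var/log/auth.log through such a counter shows whether the failure lines in the log match the pattern being counted at all, separately from whether the firewall rule is taking effect.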
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions