All,

This morning, I woke up to find one of my systems under hacker attack (considerable multiple attempts to log in to ftp, ssh, etc., mostly using system accounts). I loaded ipfw and set up a couple of quick rules to block the point of origin. Unfortunately, the address appears to be DHCP'ed, so I expect the hacker will at some point get a new address, and start over.

Rather than having to hang over my machine, is there any software out there that will monitor logs (e.g. /var/log/messages), parse out failed logins like this, and run an ipfw command to block it? Perhaps something can be done via PAM? An added extra bonus would be if it would unblock after some period of time, in case a legit. user bungles their password, and can't get in (saves the service call).

-Brian
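A sketch of the mechanism the post asks about, added here as an example (not part of the original message and not taken from any existing tool): it reads sshd failure lines, blocks an address through an ipfw table after repeated failures, and lifts the block after a timeout. Assumptions: the standard OpenSSH "Failed password" log line, the hypothetical `LoginBlocker` class, table number 1, the thresholds, and the supplied year; it returns the ipfw commands instead of running them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One-time setup (rule number 100 is arbitrary): ipfw add 100 deny ip from 'table(1)' to any
# End-anchored with a greedy user field: text injected through the username cannot
# supply the address, because the last "from <ip> port" is the one sshd wrote itself.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r".* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d?)?\s*$")

class LoginBlocker:
    def __init__(self, table=1, max_fails=3, window=timedelta(minutes=5),
                 ban=timedelta(minutes=30), year=2005, allow=()):
        self.table, self.max_fails, self.window = table, max_fails, window
        self.ban, self.year, self.allow = ban, year, set(allow)
        self.fails = defaultdict(deque)  # ip -> times of recent failures
        self.banned = {}                 # ip -> time the block is lifted

    def expire(self, now):
        """Return delete commands for blocks whose time has run out."""
        due = sorted(ip for ip, until in self.banned.items() if until <= now)
        for ip in due:
            del self.banned[ip]
        return [f"ipfw table {self.table} delete {ip}" for ip in due]

    def feed(self, line):
        """Process one log line (syslog has no year, so self.year is used)."""
        m = FAILED.match(line)
        if not m:
            return []
        when = datetime.strptime(f"{self.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        cmds = self.expire(when)
        ip = m.group(2)
        if ip in self.allow or ip in self.banned:
            return cmds
        recent = self.fails[ip]
        recent.append(when)
        while when - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_fails:
            self.banned[ip] = when + self.ban
            del self.fails[ip]
            cmds.append(f"ipfw table {self.table} add {ip}")
        return cmds

# Constructed sample lines (documentation address), not taken from a real log
SAMPLE = [f"Mar  3 06:12:0{i} host sshd[411]: Failed password for root "
          f"from 203.0.113.7 port 424{i} ssh2" for i in range(3)]
```

Blocks are only lifted when `feed` or `expire` is called, so a quiet log needs a periodic `expire(datetime.now())` from cron or a timer; the `allow` set keeps an administrator's own address from being locked out.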