This might not be exactly what you want, but a solution to this might be timelox by brian. It has a definable action to take when an IP attempts X logins in N seconds. I've modified his timelox-code for openbsd to suit openssh portable 3.9p1/4.0p1 (linux/freebsd). I will try to keep this up to date with the openssh-portable tree.

You can find it at http://www.overflow.no/?p=hacking

The next version will have a sshd_config setting for a script to run on this event, to improve portability basically. This prolly isn't the best solution, but it works pretty good. If blocking out all of the world is a concern just add a cronjob for root to clear the rules once a week or something like that. :)

On Fri, 2005-04-08 at 12:07 -0700, Michael Carlson wrote:
> I would be very interested in a script/setup like this, so I second the
> suggestion of posting it somewhere.
>
> On a minor off topic question, has anyone gotten the linux-pam/pam_tally to
> work in 5.x?
>
> Due to security requirements at work I need either that or something similar.
>
> At 05:28 PM 4/7/2005, Jon Adams wrote:
> >
> >Marian Hettwer wrote:
> >
> >>On Wed, 6.04.2005, 17:57, Willem Jan Withagen said:
> >>
> >>>I've built some swatch-rules that after two of these hits, I dump
> >>>the host into ipfw-deny space.
> >>
> >>Aye. I thought about writing a script, doing the same like yours, too.
> >>Could you post this script somewhere, so that I could add some
> >>functionality or just use it ?
> >
> >This is similar to what I do... except
> >
> >I just run a cronjob every so often... daily.. weekly.. what have you..
> >that will restart ipfw... probably there is a cleaner solution, but it
> >does the job for me.... as far as cleaning out the dozens of IPs that get
> >blocked for connecting to ports they shouldn't on my boxes
> >
> >_______________________________________________
> >[email protected] mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-security
> >To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Chris
-- 
Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, swallowing magic pills and listening to repetitive electronic music.
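
The "X logins in N seconds" rule mentioned in the message above, sketched as a log-side check. This is an added example, not timelox's code or anything posted in the thread; the thresholds, the function name `find_offenders`, the log line layout and the sample lines are assumptions, and the blocking action itself is left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed thresholds: X failed logins within N seconds triggers the action.
MAX_ATTEMPTS = 3
WINDOW_SECONDS = 60

# Assumed syslog layout for sshd password failures ("illegal user" is the
# wording older OpenSSH releases used, "invalid user" the newer one).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user |illegal user )?\S+ from (\S+) port \d+"
)

# Constructed sample lines using documentation addresses, not real data.
SAMPLE_LOG = """\
Apr  8 12:00:01 host sshd[101]: Failed password for root from 192.0.2.10 port 4101 ssh2
Apr  8 12:00:02 host sshd[102]: Failed password for illegal user test from 198.51.100.7 port 4200 ssh2
Apr  8 12:00:05 host sshd[103]: Failed password for root from 192.0.2.10 port 4102 ssh2
Apr  8 12:00:07 host sshd[104]: Accepted password for alice from 203.0.113.5 port 4300 ssh2
Apr  8 12:00:09 host sshd[105]: Failed password for invalid user admin from 192.0.2.10 port 4103 ssh2
Apr  8 12:05:00 host sshd[106]: Failed password for root from 198.51.100.7 port 4201 ssh2
Apr  8 12:10:00 host sshd[107]: Failed password for root from 198.51.100.7 port 4202 ssh2
"""

def find_offenders(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS, year=2005):
    """Return {ip: time the threshold was crossed}; lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in offenders:
            continue              # already flagged; the action fires once per IP
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()           # drop failures that fell out of the sliding window
        if len(q) >= max_attempts:
            offenders[ip] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{when} threshold crossed by {ip}")
```

Slow retries spaced wider than the window, like those from 198.51.100.7 in the sample, are never flagged, which is the trade-off of any fixed-window threshold.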
