On Sat, 19 Apr 2008 10:02:50 -0400 "Vikas N Kumar" <[EMAIL PROTECTED]> wrote:
> Hi
>
> I have OpenBSD 4.2 on a Pentium II laptop running fine, with its ssh
> port 22 open to the web. However, there are a lot of attacks on that
> port from various IP addresses across the globe. Even though I have
> set maximum number of tries to just 2, I would like to be able to
> note down the IP address (after say 10 unsuccessful login attempts)
> from where the attacks are coming in and then dynamically add them to
> hosts.deny for the next few days or permanently.
>
> Can pf do this ? I read the manual but could not find such a feature.
>
> I can always write a cron script that reads the messages log file and
> does this sort of thing, but I was hoping that if such a feature
> pre-exists I wouldn't have to do it.
>
> Any help will be appreciated.
>
> Thanks & Regards
> Vikas

There was a topic in a misc 2008-04-16 with subject "PF ssh bruteforce
logging and blocking". You should read it.

-- 
Henri Salo <fgeek at hack.fi> +358407705733
GPG ID: 2EA46E4F fp: 14D0 7803 BFF6 EFA0 9998 8C4B 5DFE A106 2EA4 6E4F
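The cron-script approach mentioned in the question, as an added example (not code from either poster): it counts failed sshd logins per source address in syslog-style lines and produces hosts.deny entries once a source reaches 10 failures. The function names, the constructed sample log, the IPv4-only handling and the `sshd: <address>` entry form are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Greedy ".*" plus "$" binds to the LAST " from <addr> port <n>" on the line,
# so a login name such as "x from 192.0.2.1 port 1 ssh2" cannot forge the
# source address and get an innocent host denied.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?.* "
    r"from (\S+) port \d+(?: ssh2)?$"
)

def offenders(lines, threshold=10, allow=()):
    """Sorted IPv4 sources with at least `threshold` failed logins."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal address: never write it to hosts.deny
        if addr.version == 4 and str(addr) not in allow:
            counts[str(addr)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def deny_lines(ips, existing=""):
    """hosts.deny entries for addresses not already present in `existing`."""
    present = set(existing.split())
    return [f"sshd: {ip}" for ip in ips if ip not in present]

# Constructed sample log (documentation addresses, hypothetical host name).
SAMPLE = [
    f"Apr 19 10:00:{i:02d} gw sshd[4101]: Failed password for root "
    f"from 203.0.113.7 port 40{i:02d} ssh2"
    for i in range(10)
] + [
    "Apr 19 10:01:00 gw sshd[4102]: Failed password for invalid user "
    "x from 192.0.2.1 port 1 ssh2 from 198.51.100.9 port 5022 ssh2",
    "Apr 19 10:01:05 gw sshd[4103]: Accepted publickey for alice "
    "from 198.51.100.20 port 5100 ssh2",
]

if __name__ == "__main__":
    print("\n".join(deny_lines(offenders(SAMPLE))))
```

Passing your own management addresses in `allow` keeps a mistyped password from locking you out of the host.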