Hi :)

Christian: The fail2ban is a very nice tool... but I'm looking for something integrated with pfSense to control banned hosts... but I'll make some tests :D

Chris: Thanks for your reply.. but I really need SSH opened because I have some clients with dynamic IPs.. or I change the SSH port and change all clients.. or I block bad users on the server.

Thanks again for all

Igor

On Sat, Aug 30, 2008 at 18:38, Christian Veith <[EMAIL PROTECTED]> wrote:
> Igor wrote:
>>
>> Hello people,
>>
>> I guess all servers with ssh enabled on the default port have problems with
>> brute force.. and it isn't different on my server :)
>>
>> And after a lot of failed tries my "system.log" gets corrupted.. like:
>>
>> [EMAIL PROTECTED] ~]# tail -n3 /var/log/system.log
>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Invalid user guest from
>> 200.128.80.174
>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Failed password for invalid
>> user guest from 200.128.80.174 port 56056 ssh2
>> Aug 30 15:44:22 bzrouter01 sshd[58328]: Invalid user master from
>> 200.128.CLOG?S|[EMAIL PROTECTED] ~]#
>>
>> I have two questions:
>>
>> 1) Is there a simple way to detect and block brute force? I read in
>> some place to use snort... and I've installed it and I guess it is
>> configured correctly, but it doesn't block anyone.
>>
>> 2) Is this error on "system.log" normal?
>>
>> Thanks in advance
>>
>> Igor Macedo
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
> Hi Igor,
>
> I'm using fail2ban on my Linux boxes at present. You can find it at
> fail2ban.org
>
> It's watching the syslog auth facility of the syslog for given regex matches
> and blocks them via pf or iptables.
>
> Maybe that's something for you.
>
> kind regards
>
> Christian
>
> ( [EMAIL PROTECTED] ) not real, don't use.
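The kind of check described in the quoted reply (match sshd failures in the log, then block the source via pf), as an added example that is not part of the original thread and is not fail2ban's own code. The log lines are constructed, and the table name `bruteforce`, the thresholds and the `year` argument are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the format quoted in the post (documentation-range IPs).
# The last line is cut off mid-address, like the damaged line in the post.
SAMPLE_LOG = """\
Aug 30 15:44:20 bzrouter01 sshd[58320]: Failed password for invalid user admin from 203.0.113.7 port 56050 ssh2
Aug 30 15:44:21 bzrouter01 sshd[58322]: Invalid user guest from 203.0.113.7
Aug 30 15:44:22 bzrouter01 sshd[58322]: Failed password for invalid user guest from 203.0.113.7 port 56056 ssh2
Aug 30 15:44:23 bzrouter01 sshd[58324]: Failed password for root from 203.0.113.7 port 56060 ssh2
Aug 30 15:50:00 bzrouter01 sshd[58400]: Failed password for igor from 198.51.100.20 port 40000 ssh2
Aug 30 15:50:05 bzrouter01 sshd[58402]: Failed password for invalid user master from 203.0.CLOG?S|
"""

# Anchored at the end of the line: sshd writes "from <ip> port <n> ssh2" last,
# so a user name containing " from 1.2.3.4" cannot redirect the ban.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def find_offenders(lines, maxretry=3, findtime_s=600, year=2008):
    """Return IPs with >= maxretry failed passwords inside findtime_s seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = []
    for line in lines:            # lines are assumed to be in chronological order
        m = FAIL_RE.match(line)
        if not m:                 # other messages, truncated or damaged lines
            continue
        # syslog timestamps carry no year; `year` is supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime_s:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders

def pf_commands(ips, table="bruteforce"):
    """pfctl commands adding each IP to a pf table (table name is hypothetical)."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]

if __name__ == "__main__":
    for cmd in pf_commands(find_offenders(SAMPLE_LOG.splitlines())):
        print(cmd)
```

Only "Failed password" lines are counted, so the "Invalid user" line that sshd logs for the same attempt does not count twice toward the threshold.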
