Hi, I just set up the firewall hole for SSH to block if more than a few connections were made from the same host within a minute or so. All the brute-force attacks disappeared after that.
Regards,
-Jeppe

On Sat, Aug 30, 2008 at 4:02 PM, Igor <[EMAIL PROTECTED]> wrote:
> Hi :)
>
> Christian: The fail2ban is a very nice tool... but I'm looking for
> something integrated with pfSense to control banned hosts... but I'll
> make some tests :D
>
> Chris: Thanks for your reply.. but I really need SSH opened because
> I've some clients with dynamic IP.. or I change SSH port and change
> all clients.. or I block bad users into server.
>
> Thanks again for all
>
> Igor
>
> On Sat, Aug 30, 2008 at 18:38, Christian Veith <[EMAIL PROTECTED]> wrote:
>> Igor wrote:
>>>
>>> Hello people,
>>>
>>> I guess all servers with ssh enabled on the default port have problems with
>>> brute force.. and it isn't different on my server :)
>>>
>>> And after a lot of failed tries my "system.log" gets corrupted.. like:
>>>
>>> [EMAIL PROTECTED] ~]# tail -n3 /var/log/system.log
>>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Invalid user guest from
>>> 200.128.80.174
>>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Failed password for invalid
>>> user guest from 200.128.80.174 port 56056 ssh2
>>> Aug 30 15:44:22 bzrouter01 sshd[58328]: Invalid user master from
>>> 200.128.CLOG?S|[EMAIL PROTECTED] ~]#
>>>
>>> I've two questions:
>>>
>>> 1) Is there a simple way to detect and block brute force? I read in
>>> some place to use snort... and I've installed it and I guess it is
>>> configured correctly, but it doesn't block anyone.
>>>
>>> 2) Is this error on "system.log" normal?
>>>
>>> Thanks in advance
>>>
>>> Igor Macedo
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>
>> Hi Igor,
>>
>> I'm using fail2ban on my Linux boxes at present. You can find it at
>> fail2ban.org
>>
>> It's watching the syslog auth facility for given regex matches
>> and blocks them via pf or iptables.
>>
>> Maybe that's something for you.
>>
>> kind regards
>>
>> Christian
>>
>> ( [EMAIL PROTECTED] ) not real, don't use.
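
The log-watching approach Christian describes, combined with a per-host threshold like the one Jeppe mentions but applied to failed logins, as an added example that is not part of the original thread and is not fail2ban's own code. The threshold, window, year and sample log lines (including the truncated last entry) are constructed assumptions modelled on the sshd lines quoted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd "Failed password" lines in the format quoted in the thread.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_offenders(lines, max_failures=3, window=timedelta(seconds=60), year=2008):
    """Return source IPs with more than max_failures failed logins inside window."""
    recent = defaultdict(deque)    # ip -> timestamps of failures still in the window
    banned = []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:                  # other sshd messages, or a truncated/corrupt line
            continue
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) > max_failures and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

# Constructed sample input; addresses are from documentation ranges.
SAMPLE = """\
Aug 30 15:30:00 bzrouter01 sshd[58100]: Failed password for igor from 198.51.100.7 port 40021 ssh2
Aug 30 15:40:00 bzrouter01 sshd[58200]: Failed password for igor from 198.51.100.7 port 40022 ssh2
Aug 30 15:44:20 bzrouter01 sshd[58320]: Failed password for invalid user guest from 192.0.2.10 port 56050 ssh2
Aug 30 15:44:21 bzrouter01 sshd[58322]: Failed password for invalid user admin from 192.0.2.10 port 56052 ssh2
Aug 30 15:44:22 bzrouter01 sshd[58326]: Failed password for invalid user test from 192.0.2.10 port 56056 ssh2
Aug 30 15:44:23 bzrouter01 sshd[58328]: Failed password for invalid user master from 192.0.2.10 port 56058 ssh2
Aug 30 15:44:24 bzrouter01 sshd[58330]: Invalid user master from 192.0.CLOG
Aug 30 15:50:00 bzrouter01 sshd[58400]: Failed password for igor from 198.51.100.7 port 40023 ssh2
""".splitlines()

if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```

The returned addresses would then be handed to whatever does the blocking, for example a pf or iptables rule set as Christian mentions.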
