I'm interested in this solution, can you explain how you did this?? Best regards
2008/8/31, Jeppe Øland <[EMAIL PROTECTED]>:
> Hi,
>
> I just set up the firewall hole for SSH to block if more than a few
> connections were made from the same host within a minute or so.
> All the brute-force attacks disappeared after that.
>
> Regards,
> -Jeppe
>
> On Sat, Aug 30, 2008 at 4:02 PM, Igor <[EMAIL PROTECTED]> wrote:
> > Hi :)
> >
> > Christian: The fail2ban is a very nice tool... but I'm looking for
> > something integrated with pfSense to control banned hosts... but I'll
> > make some tests :D
> >
> > Chris: Thanks for your reply.. but I really need SSH opened because
> > I've some clients with dynamic IP.. or I change SSH port and change
> > all clients.. or I block bad users into server.
> >
> > Thanks again for all
> >
> > Igor
> >
> > On Sat, Aug 30, 2008 at 18:38, Christian Veith <[EMAIL PROTECTED]> wrote:
> >> Igor wrote:
> >>>
> >>> Hello people,
> >>>
> >>> I guess all servers with ssh enabled on default port have problems with
> >>> brute force.. and it isn't different on my server :)
> >>>
> >>> And after a lot of failed tries my "system.log" gets corrupted.. like:
> >>>
> >>> [EMAIL PROTECTED] ~]# tail -n3 /var/log/system.log
> >>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Invalid user guest from
> >>> 200.128.80.174
> >>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Failed password for invalid
> >>> user guest from 200.128.80.174 port 56056 ssh2
> >>> Aug 30 15:44:22 bzrouter01 sshd[58328]: Invalid user master from
> >>> 200.128.CLOG?S|[EMAIL PROTECTED] ~]#
> >>>
> >>> I've two questions:
> >>>
> >>> 1) Is there a simple way to detect and block brute force? I read in
> >>> some place to use snort... and I've installed it and I guess it is
> >>> configured correctly, but it doesn't block anyone.
> >>>
> >>> 2) Is this error on "system.log" normal?
> >>>
> >>> Thanks in advance
> >>>
> >>> Igor Macedo
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>> For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>
> >> Hi Igor,
> >>
> >> I'm using fail2ban on my linux boxes at present. You can find it at
> >> fail2ban.org
> >>
> >> It's watching the syslog auth facility of the syslog for given regex
> >> matches
> >> and blocks them via pf or iptables.
> >>
> >> Maybe that's something for you.
> >>
> >> Kind regards
> >>
> >> Christian
> >>
> >> ( [EMAIL PROTECTED] ) not real don't use.
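
The log-watching approach Christian describes (match failures in the auth log, then block the source), as an added example that is not from the thread and is not fail2ban's own code. It counts failed-password lines per source inside a 60-second window and skips lines whose address is truncated, like the corrupted entry Igor quotes; the threshold, the window, the `year` argument and the sample lines are assumptions constructed here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Only "Failed password" lines are counted; sshd also logs "Invalid user"
# for the same attempt, and counting both would double each failure.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+)"
)

def parse_failure(line, year=2008):
    """Return (timestamp, ip) for a failed-password line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    try:
        ip = ip_address(m.group("ip"))  # rejects truncated or corrupted addresses
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return ts, str(ip)

def find_offenders(lines, max_failures=3, window=timedelta(seconds=60)):
    """Return source IPs with more than max_failures failures inside the window."""
    recent, offenders = defaultdict(deque), set()
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, ip = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > max_failures:
            offenders.add(ip)
    return offenders

# Constructed sample input (documentation addresses), in the thread's log format.
HOST = "bzrouter01 sshd[58326]: Failed password for"
SAMPLE_LOG = [
    f"Aug 30 15:43:00 {HOST} igor from 198.51.100.7 port 40000 ssh2",
    *[f"Aug 30 15:44:2{i} {HOST} invalid user guest from 192.0.2.10 port 56056 ssh2"
      for i in range(4)],
    f"Aug 30 15:44:24 {HOST} invalid user master from 192.0.2.CLOG?S|",  # truncated
    f"Aug 30 15:45:30 {HOST} igor from 198.51.100.7 port 40001 ssh2",
]

if __name__ == "__main__":
    print(sorted(find_offenders(SAMPLE_LOG)))
```

The returned set is what a blocking step would feed into a firewall table; a legitimate user who mistypes a password twice, minutes apart, stays below the threshold.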
