Yeahh.. I've tried and this works fine.. :-) Is there any way to check blocked hosts? And how can I allow this host again?
Thanks a lot

Regards

On Wed, Sep 3, 2008 at 03:22, Jeppe Øland <[EMAIL PROTECTED]> wrote:
> What I did was simply set the firewall rule advanced settings. Here I
> set "2 Maximum new connections / 60 seconds".
>
> Looking at the rule, I'm not sure if it checks for multiple
> connections from the same host, or just for multiple connections in
> general.
> Technically I guess this means that a malicious person could lock me
> out by just connecting frequently... but I have never ever been
> prevented from logging in (except for the time I tested if the rule
> worked) so I'm not too worried about that.
>
> Regards,
> -Jeppe
>
> On Tue, Sep 2, 2008 at 7:13 AM, Aliet Santiesteban Sifontes
> <[EMAIL PROTECTED]> wrote:
>> I'm interested in this solution, can you explain how you did this??
>> best regards
>>
>> 2008/8/31, Jeppe Øland <[EMAIL PROTECTED]>:
>>> Hi,
>>>
>>> I just set up the firewall hole for SSH to block if more than a few
>>> connections were made from the same host within a minute or so.
>>> All the brute-force attacks disappeared after that.
>>>
>>> Regards,
>>> -Jeppe
>>>
>>> On Sat, Aug 30, 2008 at 4:02 PM, Igor <[EMAIL PROTECTED]> wrote:
>>> > Hi :)
>>> >
>>> > Christian: The fail2ban is a very nice tool... but I'm looking for
>>> > something integrated with pfSense to control banned hosts... but I'll
>>> > make some tests :D
>>> >
>>> > Chris: Thanks for your reply.. but I really need SSH opened because
>>> > I've some clients with dynamic IP.. or I change SSH port and change
>>> > all clients.. or I block bad users into server.
>>> >
>>> > Thanks again for all
>>> >
>>> > Igor
>>> >
>>> > On Sat, Aug 30, 2008 at 18:38, Christian Veith <[EMAIL PROTECTED]> wrote:
>>> >> Igor wrote:
>>> >>>
>>> >>> Hello people,
>>> >>>
>>> >>> I guess all servers with ssh enabled on default port have problems with
>>> >>> brute force.. and it isn't different on my server :)
>>> >>>
>>> >>> And after a lot of failed tries my "system.log" gets corrupted.. like:
>>> >>>
>>> >>> [EMAIL PROTECTED] ~]# tail -n3 /var/log/system.log
>>> >>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Invalid user guest from
>>> >>> 200.128.80.174
>>> >>> Aug 30 15:44:22 bzrouter01 sshd[58326]: Failed password for invalid
>>> >>> user guest from 200.128.80.174 port 56056 ssh2
>>> >>> Aug 30 15:44:22 bzrouter01 sshd[58328]: Invalid user master from
>>> >>> 200.128.CLOG?S|[EMAIL PROTECTED] ~]#
>>> >>>
>>> >>> I've two questions:
>>> >>>
>>> >>> 1) Is there a simple way to detect and block brute force? I read in
>>> >>> some place to use snort... and I've installed and I guess is
>>> >>> configured correctly, but doesn't block anyone.
>>> >>>
>>> >>> 2) Is this error on "system.log" normal?
>>> >>>
>>> >>> Thanks in advance
>>> >>>
>>> >>> Igor Macedo
>>> >>>
>>> >>> ---------------------------------------------------------------------
>>> >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> >>> For additional commands, e-mail: [EMAIL PROTECTED]
>>> >>>
>>> >>
>>> >> Hi Igor,
>>> >>
>>> >> I'm using fail2ban on my linux boxes at present. You can find it at
>>> >> fail2ban.org
>>> >>
>>> >> it's watching the syslog auth facility of the syslog for given regex
>>> >> matches
>>> >> and blocks them via pf or iptables.
>>> >>
>>> >> maybe that's something for you.
>>> >>
>>> >> kind regards
>>> >>
>>> >> Christian
>>> >>
>>> >> ( [EMAIL PROTECTED] ) not real don't use.
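
Jeppe's message leaves open whether the "2 Maximum new connections / 60 seconds" limit is counted per source host or across all connections. The sketch below is an added example, not code from the thread or from pfSense: it models both readings over constructed sshd log lines in the format quoted above. The addresses, the hostname `fw01`, the `admin` user and the function name are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# One sshd authentication result per line, in the syslog format quoted in the thread.
CONN_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?:Failed|Accepted) \S+ for "
    r"(?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def refused_attempts(lines, max_conn=2, window=60, per_host=True, year=2008):
    """Return [(timestamp, ip)] for attempts beyond max_conn per window seconds.

    Simplified sliding-window model (an assumption, not pf's implementation).
    per_host=True keeps one counter per source address; False keeps a single
    counter shared by every source.
    """
    recent = defaultdict(deque)
    refused = []
    for line in lines:
        m = CONN_RE.match(line)
        if not m:
            continue  # other sshd messages and truncated/corrupted lines
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip if per_host else "*"]
        while q and (ts - q[0]).total_seconds() >= window:
            q.popleft()  # drop attempts that fell out of the window
        q.append(ts)
        if len(q) > max_conn:
            refused.append((m.group(1), ip))
    return refused

# Constructed sample: 203.0.113.5 guesses passwords, 198.51.100.7 is the admin.
SAMPLE = """\
Aug 30 15:44:20 fw01 sshd[58320]: Failed password for invalid user guest from 203.0.113.5 port 56050 ssh2
Aug 30 15:44:22 fw01 sshd[58326]: Failed password for invalid user guest from 203.0.113.5 port 56056 ssh2
Aug 30 15:44:24 fw01 sshd[58328]: Failed password for invalid user master from 203.0.113.5 port 56060 ssh2
Aug 30 15:44:25 fw01 sshd[58330]: Invalid user master from 203.0.CLOG
Aug 30 15:44:30 fw01 sshd[58340]: Accepted password for admin from 198.51.100.7 port 40000 ssh2
Aug 30 15:46:00 fw01 sshd[58350]: Failed password for invalid user test from 203.0.113.5 port 56100 ssh2
""".splitlines()

if __name__ == "__main__":
    print("per host:", refused_attempts(SAMPLE))
    print("shared:  ", refused_attempts(SAMPLE, per_host=False))
```

With a per-host counter only the guessing address is refused; with a shared counter the admin's login at 15:44:30 is refused as well, which is the lock-out Jeppe describes.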
