[PLUG] automatic firewall rules adder?
m0gely
m0gely at telestream.com
Mon Jun 12 16:28:32 UTC 2006
Brent Rieck wrote:
> Hello,
> I seem to recall somebody here mentioning a program that would scan your
> log files for failed login attempts via ssh and then add those IP
> addresses to your firewall rules. Was I dreaming? Or does such a
> program already exist?
I think your block list would get huge after a while. I don't know
anything about iptables, but OpenBSD's pf has the ability to detect
brute force attempts in general, not just SSH. Here is a link that
talks about it as well as a util to clean out the table after IPs have
aged. This way they're not blocked forever.
http://legonet.org/~griffin/openbsd/block_ssh_bruteforce.html
Maybe iptables can do this too.
--
- m0gely
http://quake2.telestream.com/
Q2 | Q3A | Counter-strike
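
The approach discussed in this thread (scan the log for failed ssh logins, block the source address, and age entries out so the list does not grow forever), as an added example that is not part of the original post and is not the code of pf or of the linked utility. The OpenSSH syslog line format, the function name `blocklist`, the thresholds and the sample addresses are assumptions; the function only returns the addresses to block and does not touch any firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH "Failed password" syslog lines (assumed log format).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def blocklist(lines, now, year=2006, threshold=3, window=30, ttl=86400):
    """Return {ip: blocked_at} for the addresses still blocked at `now`.

    An address is blocked once it logs `threshold` failures within `window`
    seconds, and the block is dropped `ttl` seconds after it was last set.
    Syslog timestamps carry no year, so the caller supplies one.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}                  # ip -> time the block was (re)set
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other noise
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window):
            q.popleft()           # slide the window forward
        if len(q) >= threshold:
            blocked[m.group(2)] = ts
    # Age out old entries so nobody stays blocked forever.
    return {ip: t for ip, t in blocked.items()
            if now - t < timedelta(seconds=ttl)}

# Constructed sample log lines (documentation address ranges only).
SAMPLE = """\
Jun 10 03:14:01 host sshd[411]: Failed password for root from 192.0.2.10 port 4001 ssh2
Jun 10 03:14:05 host sshd[412]: Failed password for root from 192.0.2.10 port 4002 ssh2
Jun 10 03:14:09 host sshd[413]: Failed password for invalid user admin from 192.0.2.10 port 4003 ssh2
Jun 12 10:00:00 host sshd[510]: Failed password for brent from 203.0.113.5 port 5001 ssh2
Jun 12 10:05:00 host sshd[511]: Failed password for brent from 203.0.113.5 port 5002 ssh2
Jun 12 10:10:00 host sshd[512]: Failed password for brent from 203.0.113.5 port 5003 ssh2
Jun 12 10:10:30 host sshd[513]: Accepted password for brent from 203.0.113.5 port 5004 ssh2
Jun 12 16:00:00 host sshd[601]: Failed password for root from 198.51.100.7 port 6001 ssh2
Jun 12 16:00:10 host sshd[602]: Failed password for invalid user test from 198.51.100.7 port 6002 ssh2
Jun 12 16:00:20 host sshd[603]: Failed password for root from 198.51.100.7 port 6003 ssh2
""".splitlines()
```

With `now` set to Jun 12 16:28:32 2006, only 198.51.100.7 is returned: 192.0.2.10 crossed the threshold more than a day earlier and has aged out, and 203.0.113.5 (a user mistyping a password every few minutes) never reaches three failures inside one 30-second window.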