Hi Dave,
Thursday, October 6, 2005, 10:24:20 PM, you wrote about:
> Hello,
> I've got bruetforceblocker going with pf, i just
installed the port. My
> box is a 5.4 machine. I have it going on my lan server,
which does ssh for
> my network, it's the box you'll hit if you ssh in as
opposed to the firewall
> box. It's adding ip's to the table, but it's doing it
staggeringly, i see
> activity in my logs where atempts are made and then the
IP's keep coming
> back as if they're not being blocked.
I'm running BruteForceBlocker on a bunch of the boxes and I
have no
problem with it. can you check the pf table, if it is
growing? Can you
also see messages like:
User root from 67.15.192.35 not allowed because not listed
in AllowUsers
67.15.192.35 was logged with total count of 1.
Failed password for invalid user root from 67.15.192.35 port
36082 ssh2
67.15.192.35 was logged with total count of 2.
User root from 67.15.192.35 not allowed because not listed
in AllowUsers
67.15.192.35 was logged with total count of 3.
Failed password for invalid user root from 67.15.192.35 port
36111 ssh2
IP 67.15.192.35 reached the maximum number of failed
attempts!!!
Adding IP to the firewall...
in your auth logfile?
If you want to check the pf table use command like:
# pfctl -t bruteforce -T show
> Thanks.
> Dave.
--
Best Regards,
Daniel Gerzo
_______________________________________________
freebsd-questions freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-que
stions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribefreebsd.org"
|