[ previous ] [ next ] [ threads ]
 
 From:  "William " <William at carterobservatory dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] bruteforceblocker
 Date:  Fri, 27 May 2005 12:49:20 +1200
Nope, this sits on the machine with sshd installed itself, and activates
a pf block on that machine.  M0n0wall doesn't have an sshd (see the FAQ)
so doesn't need the protection.  Plus, for through-bound ssh traffic, it
has no way of knowing which ssh connections going through it are brute
force attempts, since they are encrypted.

- William

On  27 May 2005, Don Munyak wrote:
>from freshports website
>
>http://www.freshports.org/security/bruteforceblocker/2
>
>[snip]
>
>BruteForceBlocker is a script, that works along with pf - OpenBSD's
firewall.
>When this script is running, it checks sshd's auth log for Failed
Password attempts and counts it's number. When given IP >reaches
specified number of fails, script adds this IP to the pf's table and
block any other traffic to the given box. If >you are bored of those
automated auth tries, you will be happy with this script. It also
includes a simple rc script.
>
>[snip]
>
>Is this something that can be incorporated into m0n0wall ???