[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: IPF equivalent of "recent" module?
From:       Mark Leisher <mleisher () crl ! NMSU ! Edu>
Date:       2005-05-06 22:46:56
Message-ID: 427BF3E0.9060503 () crl ! nmsu ! edu
[Download RAW message or body]

George Yobst wrote:
> I'd be interested in your script that checks the log and
> your ipf command that triggers the log entry, please!

*WARNING* The INPUT and OUTPUT chains in ipf and iptables are flushed by one 
of these scripts, so buyer beware! Don't mess up your ipf/iptables rules 
already in place. Merging this into existing rule sets is left as an exercise 
for the reader.

Since several people asked, here are the Perl scripts and associated data 
files with names changed to protect the innocent:

http://crl.nmsu.edu/~mleisher/bfblock.tar.gz

These Perl scripts work together to block brute force password attacks through 
ssh, nothing else.
-- 
---------------------------------------------------------------------------
Mark Leisher
Computing Research Lab            Frantic orthodoxy is never rooted in
New Mexico State University       faith but in doubt. It is when we are
Box 30001, MSC 3CRL               unsure that we are doubly sure.
Las Cruces, NM  88003               -- Reinhold Niebuhr (1892-1971)
[prev in list] [next in list] [prev in thread] [next in thread]