Block port(s) after a while
-
Hi !
I know pfSense is not OpenWrt, but there is a rule for iptables (with the ipt "recent" module) to avoid things like this. Is there also a solution for pfSense?
Sep 25 18:35:23 sshd[15995]: Failed password for invalid user ftp123 from 216.245.217.170 port 47969 ssh2
Sep 25 18:35:23 sshd[15995]: Invalid user ftp123 from 216.245.217.170
Sep 25 18:35:23 sshd[15994]: Failed password for invalid user asterisk from 216.245.217.170 port 47961 ssh2
Sep 25 18:35:23 sshd[15994]: Invalid user asterisk from 216.245.217.170
Sep 25 18:35:22 sshd[15956]: Failed password for invalid user ftp123 from 216.245.217.170 port 47293 ssh2
Sep 25 18:35:22 sshd[15956]: Invalid user ftp123 from 216.245.217.170
Sep 25 18:35:22 sshd[15954]: Failed password for invalid user asterisk from 216.245.217.170 port 47280 ssh2
Sep 25 18:35:22 sshd[15954]: Invalid user asterisk from 216.245.217.170
Sep 25 18:35:20 sshd[15853]: Failed password for invalid user ftp123 from 216.245.217.170 port 45765 ssh2
Sep 25 18:35:20 sshd[15853]: Invalid user ftp123 from 216.245.217.170
Sep 25 18:35:20 sshd[15863]: Failed password for invalid user asterisk from 216.245.217.170 port 45965 ssh2
Sep 25 18:35:20 sshd[15863]: Invalid user asterisk from 216.245.217.170
Sep 25 18:35:18 sshd[15826]: Failed password for invalid user oracle from 216.245.217.170 port 44309 ssh2
Sep 25 18:35:18 sshd[15826]: Invalid user oracle from 216.245.217.170
Ciao gerd
-
If snort is working at the moment this could help you.
It's a package. Or you hit the 'Advanced' button in your SSH rule on the WAN tab and enable/set some custom limits like max. connections per host or per time frame.
-
Can somebody make a feature request for this so it does not get forgotten?
pf has built in support for this it just needs to be exported.
-
@ermal:
Can somebody make a feature request for this so it does not get forgotten?
pf has built in support for this it just needs to be exported.
For what? Snort support?
BTW: as I wrote on top before, I used OpenWrt (Kamikaze) and this was done with an iptables rule:
# Drop a NEW SSH connection if this source has already been seen 5 times within the last 180 s
iptables -t nat -A prerouting_wan -p tcp --dport 22 -m state --state NEW -m recent --name ATTACKER_SSH --rsource --update --seconds 180 --hitcount 5 -j DROP
# Otherwise record the source address in the ATTACKER_SSH list
iptables -t nat -A prerouting_wan -p tcp --dport 22 -m state --state NEW -m recent --name ATTACKER_SSH --rsource --set
# Accept the NEW SSH connection that survived the rate check
iptables -A input_wan -p tcp --dport 22 -m state --state NEW -j ACCEPT
That's all.
ciao gerd
-
Man, iptables is UGLY. I am glad BSD can make easy tools for people :).
Yeah, pf has the same concept too, but it needs to be exported to the GUI.
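For reference, the pf equivalent of the iptables "recent" rule above, written as an added example that is not from anyone in this thread: the `max-src-conn-rate` state option plus an `overload` table is the built-in support ermal refers to, and on pfSense it corresponds to the per-host / per-time-frame limits under the rule's Advanced button. The interface macro `$wan_if` and the table name `ssh_bruteforce` are assumptions, not pfSense defaults.

```pf
# pf.conf fragment (constructed example). Replace $wan_if with the real WAN interface.
wan_if = "em0"

# Table that collects offending source addresses; "persist" keeps it even when empty.
table <ssh_bruteforce> persist

# Anything already in the table is dropped before it reaches the pass rule.
block in quick on $wan_if proto tcp from <ssh_bruteforce> to any port 22

# Allow SSH, but track new connections per source address:
#   max-src-conn-rate 5/180  -> more than 5 new connections from one source in 180 s
#   overload <ssh_bruteforce> -> puts that source into the table
#   flush global             -> also kills every existing state from that source
pass in on $wan_if proto tcp from any to ($wan_if) port 22 \
    flags S/SA keep state \
    (max-src-conn-rate 5/180, overload <ssh_bruteforce> flush global)
```

Unlike the iptables rule, entries in the overload table do not expire on their own; run `pfctl -t ssh_bruteforce -T expire 180` from cron to drop entries older than 180 seconds, or leave them permanent if that is what you want.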