sshguard
-
Is there any documentation regarding sshguard?
I have a sftp server sat in my DMZ and just noticed a few of these in the logs:-
Oct 5 19:01:16 sshguard 48495 Attack from "2607:ff10:c5:509a::10" on service 100 with danger 10.
Oct 5 19:01:09 sshguard 48495 Attack from "2607:ff10:c5:509a::10" on service 100 with danger 10.
Oct 4 17:54:34 sshguard 10669 Attack from "172.16.2.20" on service 380 with danger 10.
Lol 172.16.2.20 is me :)
Is it here:-
https://www.sshguard.net
-
Those are in your pfsense log - or the log on this server you're allowing ssh into?
-
pfsense log John
-
You're saying that ipv6 address is a server in your dmz hitting your pfsense IP? I wouldn't allow boxes in dmz to talk to pfsense - kind of the whole point of a dmz is isolation ;)
-
The ipv6 address is outside my network.
I also have pf running on the sftp server (it's a Pi running FreeBSD) to block brute forces.
Just wondering what the service 100 with danger 10 means.
Oops I had a go at renaming all my aliases this morning and it looks like I screwed up the firewall entry to pass IPv6 to my sftp host dooh
-
service 100 is ssh, and danger just means it flagged it as an attack.
-
Just looked in the logs as per my bold text, it wasn't hitting the sftp host but the dmz interface.
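
A way to tally the "Attack from" lines quoted in this thread per source address and see which sources are local and which have accumulated enough danger to be blocked. This is an added example, not part of any post above and not sshguard or pfSense code. Assumptions: a blocking threshold of 30, 172.16.0.0/12 as the local range, and the constructed 2001:db8::bad lines; only "service 100 is ssh" comes from the thread.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Matches both the form quoted in the thread ("sshguard 48495 Attack ...")
# and the usual syslog form ("sshguard[48495]: Attack ...").
ATTACK_RE = re.compile(
    r'sshguard\W*(?P<pid>\d+)\W*Attack from "(?P<addr>[^"]+)" '
    r'on service (?P<service>\d+) with danger (?P<danger>\d+)\.'
)
SERVICE_NAMES = {100: "ssh"}                   # only mapping given in the thread
LOCAL_NETS = [ip_network("172.16.0.0/12")]     # assumption: operator's internal range

SAMPLE = [
    # First three lines are the ones quoted in the thread.
    'Oct 5 19:01:16 sshguard 48495 Attack from "2607:ff10:c5:509a::10" on service 100 with danger 10.',
    'Oct 5 19:01:09 sshguard 48495 Attack from "2607:ff10:c5:509a::10" on service 100 with danger 10.',
    'Oct 4 17:54:34 sshguard 10669 Attack from "172.16.2.20" on service 380 with danger 10.',
    # Constructed lines (documentation prefix) to show a source reaching the threshold.
    'Oct 5 19:02:01 sshguard[48495]: Attack from "2001:db8::bad" on service 100 with danger 10.',
    'Oct 5 19:02:03 sshguard[48495]: Attack from "2001:db8::bad" on service 100 with danger 10.',
    'Oct 5 19:02:05 sshguard[48495]: Attack from "2001:db8::bad" on service 100 with danger 10.',
]

def parse_attacks(lines):
    """Yield (address, service code, danger) for every well-formed attack line."""
    for line in lines:
        m = ATTACK_RE.search(line)
        if not m:
            continue
        try:
            addr = ip_address(m["addr"])       # rejects malformed addresses
        except ValueError:
            continue
        yield addr, int(m["service"]), int(m["danger"])

def summarize(lines, threshold=30, local_nets=LOCAL_NETS):
    """Sum danger per source; ignores sshguard's detection-time window."""
    totals, services = defaultdict(int), defaultdict(set)
    for addr, svc, danger in parse_attacks(lines):
        totals[addr] += danger
        services[addr].add(SERVICE_NAMES.get(svc, str(svc)))
    return {
        str(addr): {
            "score": score,
            "services": sorted(services[addr]),
            "local": any(addr in net for net in local_nets),
            "over_threshold": score >= threshold,   # assumed threshold, configurable
        }
        for addr, score in totals.items()
    }
```

A source marked local, like 172.16.2.20 in the thread, is a candidate for a whitelist entry or a firewall rule review rather than a block.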