Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Thank you pfSense team!

    Scheduled Pinned Locked Moved
    Forum Feedback
    3
    3
    4.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      ghetek
      last edited by

      thanks pfSense team! I am a long time user and i just recently set up my first VPN on 1.2.3 using DynDNS on both endpoints. installation and configuration was simple.

      pfSense gives me confidence over stuff like this:

      
Jul 19 22:49:58	sshd[5979]: Invalid user list from 114.143.7.8
Jul 19 22:49:58	sshd[5979]: Failed password for invalid user list from 114.143.7.8 port 37790 ssh2
Jul 19 22:50:00	sshd[5990]: Invalid user eleve from 114.143.7.8
Jul 19 22:50:00	sshd[5990]: Failed password for invalid user eleve from 114.143.7.8 port 38610 ssh2
Jul 19 22:50:03	sshd[6007]: Failed password for proxy from 114.143.7.8 port 39404 ssh2
Jul 19 22:50:07	sshd[6010]: Invalid user sys from 114.143.7.8
Jul 19 22:50:07	sshd[6010]: Failed password for invalid user sys from 114.143.7.8 port 40036 ssh2
Jul 19 22:50:09	sshd[6012]: Invalid user zzz from 114.143.7.8
Jul 19 22:50:09	sshd[6012]: Failed password for invalid user zzz from 114.143.7.8 port 41015 ssh2
Jul 19 22:50:12	sshd[6015]: Invalid user frank from 114.143.7.8
Jul 19 22:50:12	sshd[6015]: Failed password for invalid user frank from 114.143.7.8 port 41501 ssh2
Jul 19 22:50:14	sshd[6017]: Invalid user dan from 114.143.7.8
Jul 19 22:50:14	sshd[6017]: Failed password for invalid user dan from 114.143.7.8 port 42232 ssh2
Jul 19 22:50:18	sshd[6020]: Invalid user james from 114.143.7.8
Jul 19 22:50:18	sshd[6020]: Failed password for invalid user james from 114.143.7.8 port 43091 ssh2
Jul 19 22:50:20	sshd[6023]: Invalid user snort from 114.143.7.8
Jul 19 22:50:20	sshd[6023]: Failed password for invalid user snort from 114.143.7.8 port 43652 ssh2
Jul 19 22:50:23	sshd[6025]: Invalid user radiomail from 114.143.7.8
Jul 19 22:50:23	sshd[6025]: Failed password for invalid user radiomail from 114.143.7.8 port 44389 ssh2
Jul 19 22:50:26	sshd[6028]: Invalid user harrypotter from 114.143.7.8
Jul 19 22:50:26	sshd[6028]: Failed password for invalid user harrypotter from 114.143.7.8 port 45007 ssh2
Jul 19 22:50:28	sshd[6030]: Invalid user divine from 114.143.7.8
Jul 19 22:50:28	sshd[6030]: Failed password for invalid user divine from 114.143.7.8 port 45680 ssh2
Jul 19 22:50:31	sshd[6033]: Invalid user popa3d from 114.143.7.8
Jul 19 22:50:31	sshd[6033]: Failed password for invalid user popa3d from 114.143.7.8 port 46319 ssh2
Jul 19 22:50:33	sshd[6035]: Invalid user aptproxy from 114.143.7.8
Jul 19 22:50:33	sshd[6035]: Failed password for invalid user aptproxy from 114.143.7.8 port 47022 ssh2
Jul 19 22:50:37	sshd[6038]: Invalid user desktop from 114.143.7.8
Jul 19 22:50:37	sshd[6038]: Failed password for invalid user desktop from 114.143.7.8 port 47572 ssh2
Jul 19 22:50:39	sshd[6040]: Invalid user workshop from 114.143.7.8
Jul 19 22:50:39	sshd[6040]: Failed password for invalid user workshop from 114.143.7.8 port 48439 ssh2
Jul 19 22:50:42	sshd[6043]: Failed password for mailnull from 114.143.7.8 port 49008 ssh2
Jul 19 22:50:45	sshd[6045]: Invalid user nfsnobody from 114.143.7.8
Jul 19 22:50:45	sshd[6045]: Failed password for invalid user nfsnobody from 114.143.7.8 port 49793 ssh2
Jul 19 22:50:47	sshd[6048]: Invalid user rpcuser from 114.143.7.8
Jul 19 22:50:47	sshd[6048]: Failed password for invalid user rpcuser from 114.143.7.8 port 50582 ssh2
Jul 19 22:50:50	sshd[6050]: Invalid user rpc from 114.143.7.8
Jul 19 22:50:50	sshd[6050]: Failed password for invalid user rpc from 114.143.7.8 port 51062 ssh2
Jul 19 22:50:52	sshd[6054]: Invalid user gopher from 114.143.7.8
Jul 19 22:50:52	sshd[6054]: Failed password for invalid user gopher from 114.143.7.8 port 51833 ssh2
      1 Reply Last reply Reply Quote 0
      • P
        pakjebakmeel
        last edited by

        @ghetek:

        thanks pfSense team! I am a long time user and i just recently set up my first VPN on 1.2.3 using DynDNS on both endpoints. installation and configuration was simple.

        pfSense gives me confidence over stuff like this:

        
Jul 19 22:49:58	sshd[5979]: Invalid user list from 114.143.7.8
Jul 19 22:49:58	sshd[5979]: Failed password for invalid user list from 114.143.7.8 port 37790 ssh2
Jul 19 22:50:00	sshd[5990]: Invalid user eleve from 114.143.7.8
Jul 19 22:50:00	sshd[5990]: Failed password for invalid user eleve from 114.143.7.8 port 38610 ssh2
Jul 19 22:50:03	sshd[6007]: Failed password for proxy from 114.143.7.8 port 39404 ssh2
Jul 19 22:50:07	sshd[6010]: Invalid user sys from 114.143.7.8
Jul 19 22:50:07	sshd[6010]: Failed password for invalid user sys from 114.143.7.8 port 40036 ssh2
Jul 19 22:50:09	sshd[6012]: Invalid user zzz from 114.143.7.8
Jul 19 22:50:09	sshd[6012]: Failed password for invalid user zzz from 114.143.7.8 port 41015 ssh2
Jul 19 22:50:12	sshd[6015]: Invalid user frank from 114.143.7.8
Jul 19 22:50:12	sshd[6015]: Failed password for invalid user frank from 114.143.7.8 port 41501 ssh2
Jul 19 22:50:14	sshd[6017]: Invalid user dan from 114.143.7.8
Jul 19 22:50:14	sshd[6017]: Failed password for invalid user dan from 114.143.7.8 port 42232 ssh2
Jul 19 22:50:18	sshd[6020]: Invalid user james from 114.143.7.8
Jul 19 22:50:18	sshd[6020]: Failed password for invalid user james from 114.143.7.8 port 43091 ssh2
Jul 19 22:50:20	sshd[6023]: Invalid user snort from 114.143.7.8
Jul 19 22:50:20	sshd[6023]: Failed password for invalid user snort from 114.143.7.8 port 43652 ssh2
Jul 19 22:50:23	sshd[6025]: Invalid user radiomail from 114.143.7.8
Jul 19 22:50:23	sshd[6025]: Failed password for invalid user radiomail from 114.143.7.8 port 44389 ssh2
Jul 19 22:50:26	sshd[6028]: Invalid user harrypotter from 114.143.7.8
Jul 19 22:50:26	sshd[6028]: Failed password for invalid user harrypotter from 114.143.7.8 port 45007 ssh2
Jul 19 22:50:28	sshd[6030]: Invalid user divine from 114.143.7.8
Jul 19 22:50:28	sshd[6030]: Failed password for invalid user divine from 114.143.7.8 port 45680 ssh2
Jul 19 22:50:31	sshd[6033]: Invalid user popa3d from 114.143.7.8
Jul 19 22:50:31	sshd[6033]: Failed password for invalid user popa3d from 114.143.7.8 port 46319 ssh2
Jul 19 22:50:33	sshd[6035]: Invalid user aptproxy from 114.143.7.8
Jul 19 22:50:33	sshd[6035]: Failed password for invalid user aptproxy from 114.143.7.8 port 47022 ssh2
Jul 19 22:50:37	sshd[6038]: Invalid user desktop from 114.143.7.8
Jul 19 22:50:37	sshd[6038]: Failed password for invalid user desktop from 114.143.7.8 port 47572 ssh2
Jul 19 22:50:39	sshd[6040]: Invalid user workshop from 114.143.7.8
Jul 19 22:50:39	sshd[6040]: Failed password for invalid user workshop from 114.143.7.8 port 48439 ssh2
Jul 19 22:50:42	sshd[6043]: Failed password for mailnull from 114.143.7.8 port 49008 ssh2
Jul 19 22:50:45	sshd[6045]: Invalid user nfsnobody from 114.143.7.8
Jul 19 22:50:45	sshd[6045]: Failed password for invalid user nfsnobody from 114.143.7.8 port 49793 ssh2
Jul 19 22:50:47	sshd[6048]: Invalid user rpcuser from 114.143.7.8
Jul 19 22:50:47	sshd[6048]: Failed password for invalid user rpcuser from 114.143.7.8 port 50582 ssh2
Jul 19 22:50:50	sshd[6050]: Invalid user rpc from 114.143.7.8
Jul 19 22:50:50	sshd[6050]: Failed password for invalid user rpc from 114.143.7.8 port 51062 ssh2
Jul 19 22:50:52	sshd[6054]: Invalid user gopher from 114.143.7.8
Jul 19 22:50:52	sshd[6054]: Failed password for invalid user gopher from 114.143.7.8 port 51833 ssh2

        In regards to the above, can PfSense automatically ignore requests from certain IP's based on let's say 10 authentication failures as you can set in WebMin for Linux? As in an automated black-list functionality?

        1 Reply Last reply Reply Quote 0
        • T
          tommyboy180
          last edited by

          Mcrane is putting together a denyhosts package here soon. If you want to block these bad guys now and install Denyhosts you can follow my numbered steps on the denyhosts package bounty.

          Depending on your denyhosts settings you will be able to permantly block these addresses and also get ip blacklists from a centrial denyhosts server that tracks all bad ips just like this one.

          -Tom Schaefer
          SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

          Please support pfBlocker | File Browser | Strikeback

          1 Reply Last reply Reply Quote 0
          • First post
            Last post