From: Mij <mi...@bi...> - 2008-06-28 22:58:30
Hello Colin,

thanks for being precise in this report. Please submit the same data as an attack pattern proposal here:

http://sshguard.sourceforge.net/newattackpatt.php

There is a chance that I will integrate support for this in the upcoming 1.1 stable.

On Jun 28, 2008, at 3:53 PM, Colin wrote:

> Hello,
> I am successfully using sshguard 1.0 on FreeBSD (6.x and 7.0) with ipfw to
> block ssh attacks. On my setup sshguard parses the /var/log/auth.log
> messages which also logs failed FTP and POP attempts. Thus I would like to
> use sshguard to block those attacks too (instead of using a new filter
> program). However, I am not sure how to tackle this; could someone point me
> to the necessary modifications or files to change? I suppose
> src/attack_scanner.l is a good start, but is it the only one? A simple
> working rule would be enough for my liking :o).
>
> Thanks,
> Cheers,
> Colin
>
> Typical POP attack:
>
> Jun 26 11:51:17 sleepyowl ipop3d[75832]: Login failed user=dave auth=dave host=210.0.95.29.static.nexnet.net.au [210.0.95.29]
> Jun 26 11:51:17 sleepyowl ipop3d[75834]: Login failed user=data auth=data host=210.0.95.29.static.nexnet.net.au [210.0.95.29]
> Jun 26 11:51:19 sleepyowl ipop3d[75836]: Login failed user=daustin auth=daustin host=210.0.95.29.static.nexnet.net.au [210.0.95.29]
>
> Typical FTP attack:
>
> Jun 26 14:04:15 sleepyowl ftpd[79060]: FTP LOGIN FAILED FROM 211.151.240.50, anne
> Jun 26 14:04:34 sleepyowl ftpd[79067]: FTP LOGIN FAILED FROM 211.151.240.50, anne
> Jun 26 14:04:53 sleepyowl ftpd[79069]: FTP LOGIN FAILED FROM 211.151.240.50, anne
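Added example, not part of the thread and not sshguard's own scanner code: Python detection logic for the two log formats Colin quotes, extracting the source address of each failed POP or FTP login and listing addresses that reach a failure count. The function names and the threshold of 3 are assumptions made for this illustration, not sshguard settings.

```python
import ipaddress
import re
from collections import Counter

# Log lines quoted in Colin's message, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Jun 26 11:51:17 sleepyowl ipop3d[75832]: Login failed user=dave auth=dave host=210.0.95.29.static.nexnet.net.au [210.0.95.29]
Jun 26 11:51:17 sleepyowl ipop3d[75834]: Login failed user=data auth=data host=210.0.95.29.static.nexnet.net.au [210.0.95.29]
Jun 26 11:51:19 sleepyowl ipop3d[75836]: Login failed user=daustin auth=daustin host=210.0.95.29.static.nexnet.net.au [210.0.95.29]
Jun 26 14:04:15 sleepyowl ftpd[79060]: FTP LOGIN FAILED FROM 211.151.240.50, anne
Jun 26 14:04:34 sleepyowl ftpd[79067]: FTP LOGIN FAILED FROM 211.151.240.50, anne
Jun 26 14:04:53 sleepyowl ftpd[79069]: FTP LOGIN FAILED FROM 211.151.240.50, anne
"""

IPV4 = r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"^\w{3} +\d+ [\d:]{8} \S+ "  # syslog timestamp and hostname
# Each pattern is anchored on the daemon name and on end of line, and fields
# use \S+, so a login name cannot inject a second "host=... [addr]" pair.
PATTERNS = {
    "pop3": re.compile(PREFIX + r"ipop3d\[\d+\]: Login failed user=\S+ "
                       r"auth=\S+ host=\S+ \[" + IPV4 + r"\]$"),
    "ftp": re.compile(PREFIX + r"ftpd\[\d+\]: FTP LOGIN FAILED FROM "
                      + IPV4 + r", .*$"),
}

def parse_line(line):
    """Return (service, address) for a failed-login line, else None."""
    for service, pattern in PATTERNS.items():
        match = pattern.match(line.strip())
        if match:
            try:  # reject strings such as 999.1.1.1 that only look like IPv4
                addr = ipaddress.ip_address(match.group("addr"))
            except ValueError:
                return None
            return service, str(addr)
    return None

def offenders(log_text, threshold=3):
    """Addresses with at least `threshold` failures (threshold is assumed)."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:
            counts[hit[1]] += 1
    return sorted(addr for addr, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

A line that does not fit the expected shape exactly is ignored rather than attributed to an address, which avoids blocking a host named only in attacker-supplied text.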