Menu
▾
▴
Re: [Sshguard-users] sshguar has not stopped attack
|
From: Mij <mi...@bi...> - 2009-04-17 08:19:24
|
On Mar 10, 2009, at 15:53 , Leonid Shulov wrote: > sshguar has not stopped attack from IP, which were sent 1 ssh in 1 > second - to 2-10 seconds. > In my opinion attack needs to be stopped if from one IP more -a<> hits > in -p<> seconds. > > Mar 10 14:30:27 router sshd[28492]: Invalid user raimundo from > 83.15.28.2 > Mar 10 14:30:28 router sshd[28494]: Invalid user joan from 83.15.28.2 > [...] > Mar 10 14:31:17 router sshd[28550]: Invalid user altagracia from > 83.15.28.2 > Mar 10 14:31:19 router sshd[28552]: Invalid user piedad from > 83.19.51.22 > ........ > > Now I try svn rev. 85 with: > router:~/sshguard_svn_090310/sshguard/src# ./sshguard -d -a 2 -b > 1:/var/cache/sshguard/blacklist these entries are valid, they should be recognized. What does this latter test say? When run regularly, you should see log entries like "Blocking 83.15.28.2:4 for ". If these don't appear, sshguard is probably not receiving such log messages. If they do appear and the address is not blocked, there may be a problem with the firewall backend (permissions, or mechanism). |
