From: Mij <mi...@ss...> - 2009-10-05 12:54:06
Nothing is wrong, except for the fact that you're not being attacked by one insistent host, but by many in a distributed fashion. There is no simple way to detect these: imagine you're running a shell server with many accesses, how would you spot that this is a distributed attack rather than a "funnily many users got the password wrong in a short period of time"? And similarly, even once you detect this, what do you do then? Detecting these is hard, but we have that in a TODO idle loop.

On Oct 2, 2009, at 13:00, Emmanuel Alves wrote:

> Hi,
>
> My SSHGUARD was working perfectly, but since 2 days ago, my security
> log has a lot of blocked IPs, but I can't find any failures to access
> my ssh... here is part of my log:
>
> Oct 1 09:15:41 brain sshguard[77308]: Blocking 200.11.197.122: 4 failures over 2 seconds.
> Oct 1 09:16:24 brain sshguard[77308]: Blocking 147.52.242.30: 4 failures over 0 seconds.
> Oct 1 09:17:27 brain sshguard[77308]: Blocking 217.15.119.130: 4 failures over 0 seconds.
> Oct 1 09:17:54 brain sshguard[77308]: Blocking 77.95.0.100: 4 failures over 0 seconds.
> Oct 1 09:18:45 brain sshguard[77308]: Blocking 118.98.171.107: 4 failures over 4 seconds.
> Oct 1 09:19:27 brain sshguard[77308]: Blocking 83.142.126.50: 4 failures over 1 seconds.
> Oct 1 09:20:25 brain sshguard[77308]: Release command failed. Exited: -1
> Oct 1 09:20:55 brain sshguard[77308]: Blocking 69.213.134.19: 4 failures over 7 seconds.
> Oct 1 09:21:31 brain sshguard[77308]: Blocking 203.198.161.20: 4 failures over 0 seconds.
> Oct 1 09:22:18 brain sshguard[77308]: Blocking 217.111.114.216: 4 failures over 0 seconds.
> Oct 1 09:22:55 brain sshguard[77308]: Blocking 88.84.142.50: 4 failures over 0 seconds.
> Oct 1 09:23:32 brain sshguard[77308]: Release command failed. Exited: -1
> Oct 1 09:23:32 brain sshguard[77308]: Release command failed. Exited: -1
> Oct 1 09:24:30 brain sshguard[77308]: Blocking 60.28.10.26: 4 failures over 139 seconds.
> Oct 1 09:25:16 brain sshguard[77308]: Blocking 82.98.78.31: 4 failures over 0 seconds.
> Oct 1 09:25:55 brain sshguard[77308]: Blocking 202.78.239.203: 4 failures over 1 seconds.
> Oct 1 09:26:43 brain sshguard[77308]: Blocking 69.129.125.162: 4 failures over 3 seconds.
> Oct 1 09:27:28 brain sshguard[77308]: Blocking 61.183.0.35: 4 failures over 0 seconds.
> Oct 1 09:28:12 brain sshguard[77308]: Blocking 83.132.104.248: 4 failures over 0 seconds.
> Oct 1 09:28:52 brain sshguard[77308]: Blocking 61.172.200.198: 4 failures over 1 seconds.
> Oct 1 09:29:57 brain sshguard[77308]: Blocking 83.142.126.51: 4 failures over 1 seconds.
> Oct 1 09:30:31 brain sshguard[77308]: Blocking 211.137.70.137: 4 failures over 3 seconds.
> Oct 1 09:31:04 brain sshguard[77308]: Blocking 202.107.85.254: 4 failures over 710 seconds.
> Oct 1 09:31:52 brain sshguard[77308]: Blocking 58.185.182.212: 4 failures over 0 seconds.
> Oct 1 09:32:37 brain sshguard[77308]: Blocking 61.131.208.44: 4 failures over 1 seconds.
> Oct 1 09:32:59 brain sshguard[77308]: Release command failed. Exited: -1
> Oct 1 09:32:59 brain sshguard[77308]: Release command failed. Exited: -1
> Oct 1 09:33:22 brain sshguard[77308]: Blocking 147.52.242.39: 4 failures over 0 seconds.
> Oct 1 09:34:00 brain sshguard[77308]: Blocking 80.219.210.151: 4 failures over 0 seconds.
> Oct 1 09:34:56 brain sshguard[77308]: Blocking 79.29.174.11: 4 failures over 3 seconds.
> Oct 1 09:35:33 brain sshguard[77308]: Blocking 212.235.9.44: 4 failures over 0 seconds.
> Oct 1 09:36:19 brain sshguard[77308]: Blocking 196.201.228.186: 4 failures over 0 seconds.
> Oct 1 09:37:45 brain sshguard[77308]: Blocking 189.56.92.42: 4 failures over 1 seconds.
>
> Am I wrong?
>
> []s
>
> Emmanuel Alves
> man...@gm...
>
> ---------------------------------------------------------------------
> Twitter: http://www.twitter.com/emartsnet
> Linked In: http://www.linkedin.com/in/emartsnet
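One way to surface the pattern discussed in this thread from the log itself, as an added example that is not part of the original messages and not sshguard's own code: it counts distinct addresses in sshguard "Blocking" lines over a sliding window and reports each burst. The 10-minute window, the 5-source threshold, the `year` default and the sample lines (documentation-range addresses) are assumptions made for the illustration, and a burst only says that many hosts were blocked close together, not why.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Matches the "Blocking" syslog lines in the format quoted in the thread.
BLOCK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+sshguard\[\d+\]:\s+"
    r"Blocking (?P<ip>\S+): \d+ failures over \d+ seconds\."
)

# Constructed sample input (RFC 5737 documentation addresses, hypothetical host).
SAMPLE = """\
Oct 1 09:15:41 host sshguard[1234]: Blocking 192.0.2.10: 4 failures over 2 seconds.
Oct 1 09:16:24 host sshguard[1234]: Blocking 198.51.100.7: 4 failures over 0 seconds.
Oct 1 09:17:27 host sshguard[1234]: Blocking 203.0.113.5: 4 failures over 0 seconds.
Oct 1 09:17:54 host sshguard[1234]: Blocking 192.0.2.77: 4 failures over 0 seconds.
Oct 1 09:18:45 host sshguard[1234]: Blocking 198.51.100.200: 4 failures over 4 seconds.
Oct 1 09:20:25 host sshguard[1234]: Release command failed. Exited: -1
Oct 1 09:20:55 host sshguard[1234]: Blocking 203.0.113.99: 4 failures over 7 seconds.
Oct 1 14:02:10 host sshguard[1234]: Blocking 192.0.2.200: 4 failures over 3 seconds.
""".splitlines()

def parse_blocks(lines, year=2009):
    """Yield (timestamp, ip) per 'Blocking' line; syslog omits the year, so it is assumed."""
    for line in lines:
        m = BLOCK_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def distributed_bursts(events, window=timedelta(minutes=10), min_sources=5):
    """Report each burst as (first_seen, last_seen, peak distinct sources)."""
    recent, bursts, active = deque(), [], False
    for ts, ip in events:
        recent.append((ts, ip))
        while ts - recent[0][0] > window:    # expire events outside the window
            recent.popleft()
        n = len({addr for _, addr in recent})
        if n < min_sources:
            active = False
        elif active:                         # same burst continues
            bursts[-1] = (bursts[-1][0], ts, max(bursts[-1][2], n))
        else:                                # a new burst starts
            bursts.append((recent[0][0], ts, n))
            active = True
    return bursts

if __name__ == "__main__":
    print(distributed_bursts(parse_blocks(SAMPLE)))
```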