From: <li...@la...> - 2015-08-04 00:23:07
I'm new to FreeBSD, so assume I am clueless and you are probably correct.
Let me know if top posting is an issue.
# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100 check-state
01200 allow tcp from me to any established
01300 allow tcp from me to any setup keep-state
01400 allow udp from me to any keep-state
01500 allow icmp from me to any keep-state
01600 allow ipv6-icmp from me to any keep-state
01700 allow udp from 0.0.0.0 68 to 255.255.255.255 dst-port 67 out
01800 allow udp from any 67 to me dst-port 68 in
01900 allow udp from any 67 to 255.255.255.255 dst-port 68 in
02000 allow udp from fe80::/10 to me dst-port 546 in
02100 allow icmp from any to any icmptypes 8
02200 allow ipv6-icmp from any to any ip6 icmp6types 128,129
02300 allow icmp from any to any icmptypes 3,4,11
02400 allow ipv6-icmp from any to any ip6 icmp6types 3
02500 allow tcp from any to me dst-port 22
02600 allow tcp from any to me dst-port 443
02700 allow tcp from any to me dst-port 80
02800 allow tcp from any to me dst-port 500
02900 allow tcp from any to me dst-port 4500
65000 count ip from any to any
65100 allow log udp from any to any dst-port 500 keep-state
65200 allow log udp from any 500 to any keep-state
65300 allow log udp from any to any dst-port 4500 keep-state
65400 allow log udp from any 4500 to any keep-state
65500 deny { tcp or udp } from any to any dst-port 135-139,445 in
65500 deny { tcp or udp } from any to any dst-port 1026,1027 in
65500 deny { tcp or udp } from any to any dst-port 1433,1434 in
65500 deny ip from any to 255.255.255.255
65500 deny ip from any to 224.0.0.0/24 in
65500 deny udp from any to any dst-port 520 in
65500 deny tcp from any 80,443 to any dst-port 1024-65535 in
65500 deny log logamount 500 ip from any to any
65535 deny ip from any to any
Original Message
From: James Harris
Sent: Monday, August 3, 2015 3:15 PM
To: ssh...@li...
Reply To: ssh...@li...
Subject: Re: [Sshguard-users] Is sshguard working?
No, I'm suggesting you look at the running firewall configuration to see if sshguard is adding rules for you.
I believe on FreeBSD that is 'ipfw list'
On Sun, Aug 2, 2015 at 9:58 PM, <li...@la...> wrote:
Would that be in rc.firewall? There isn't any comment regarding sshguard in that file.
From: James Harris
Sent: Saturday, August 1, 2015 11:29 AM
To: ssh...@li...
Reply To: ssh...@li...
Subject: Re: [Sshguard-users] Is sshguard working?
Have you checked the firewall rules? You should see the one sshguard added.
On Aug 1, 2015 10:50 AM, <li...@la...> wrote:
This is a sample of my auth.log or message log on FreeBSD using sshguard-ipfw. The user is blocked, but the attack keeps coming.
------------------
Aug 1 02:37:14 theranch sshd[56857]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:37:15 theranch last message repeated 2 times
Aug 1 02:37:16 theranch sshguard[55685]: Offender '218.87.111.110:4' scored 40 danger in 1 abuses (threshold 40) -> blacklisted.
Aug 1 02:37:16 theranch sshguard[55685]: Blocking 218.87.111.110:4 for >0secs: 40 danger in 3 attacks over 1 seconds (all: 40d in 1 abuses over 1s).
Aug 1 02:37:38 theranch sshd[56863]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:37:39 theranch last message repeated 2 times
Aug 1 02:37:41 theranch sshd[56868]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:37:43 theranch last message repeated 2 times
Aug 1 02:37:46 theranch sshd[56873]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:37:48 theranch last message repeated 2 times
Aug 1 02:37:50 theranch sshd[56878]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:37:51 theranch last message repeated 2 times
Aug 1 02:37:54 theranch sshd[56883]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:37:55 theranch last message repeated 2 times
Aug 1 02:37:57 theranch sshd[56888]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:37:58 theranch last message repeated 2 times
Aug 1 02:38:00 theranch sshd[56893]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:38:01 theranch last message repeated 2 times
Aug 1 02:38:18 theranch sshd[56899]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:38:19 theranch last message repeated 2 times
Aug 1 02:38:27 theranch sshd[56904]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:38:27 theranch last message repeated 2 times
Aug 1 02:38:30 theranch sshd[56909]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:38:31 theranch last message repeated 2 times
Aug 1 02:38:33 theranch sshd[56914]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:38:34 theranch last message repeated 2 times
Aug 1 02:38:38 theranch sshd[56919]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:38:39 theranch last message repeated 2 times
Aug 1 02:38:41 theranch sshd[56924]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:38:42 theranch last message repeated 2 times
Aug 1 02:38:46 theranch sshd[56929]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:38:47 theranch last message repeated 2 times
Aug 1 02:38:49 theranch sshd[56934]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:38:50 theranch last message repeated 2 times
Aug 1 02:39:02 theranch sshd[56939]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:39:03 theranch last message repeated 2 times
Aug 1 02:39:05 theranch sshd[56944]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:39:06 theranch last message repeated 2 times
Aug 1 02:39:20 theranch sshd[56949]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:39:21 theranch last message repeated 2 times
Aug 1 02:39:43 theranch sshd[56956]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:39:44 theranch last message repeated 2 times
Aug 1 02:39:51 theranch sshd[56961]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:39:52 theranch last message repeated 2 times
------------------------------------------------------------------------------
_______________________________________________
Sshguard-users mailing list
Ssh...@li...
https://lists.sourceforge.net/lists/listinfo/sshguard-users
--
James Harris
Software Engineer
jam...@gm...
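
Added example, not part of the thread or of sshguard: a check that ties the two pieces of evidence in this thread together, by counting sshd failures logged after sshguard's "Blocking" line and then testing whether the `ipfw list` output contains a deny rule for that address that is evaluated before the rule allowing port 22 (ipfw stops at the first matching rule). The log lines, the rules and the address 203.0.113.7 are constructed samples in the formats quoted above; the rule matching is a simplification that ignores tables and state rules.

```python
import re
FAIL = re.compile(r"sshd\[\d+\]: error: PAM: authentication error for \S+ from (\S+)")
BLOCK = re.compile(r"sshguard\[\d+\]: Blocking ([0-9A-Fa-f.:]+?):\d+ for ")
REPEAT = re.compile(r"last message repeated (\d+) times")
ALLOW = re.compile(r"^\s*\d+ allow tcp from any to (?:me|any) dst-port ([\d,-]+)\s*$")
# Constructed sample input in the formats quoted in the thread.
LOG = """\
Aug 1 02:00:01 host sshd[101]: error: PAM: authentication error for root from 203.0.113.7
Aug 1 02:00:02 host last message repeated 2 times
Aug 1 02:00:03 host sshguard[90]: Blocking 203.0.113.7:4 for >0secs: 40 danger in 3 attacks over 1 seconds (all: 40d in 1 abuses over 1s).
Aug 1 02:00:20 host sshd[102]: error: PAM: authentication error for root from 203.0.113.7
Aug 1 02:00:21 host last message repeated 2 times
"""
RULES = """\
02500 allow tcp from any to me dst-port 22
55000 deny ip from 203.0.113.7 to me
"""

def failures_after_block(log_text):
    """Count sshd failures per address logged after sshguard reported blocking it."""
    blocked, counts, last_fail = set(), {}, None
    for line in log_text.splitlines():
        if m := BLOCK.search(line):
            blocked.add(m.group(1))
            last_fail = None
        elif m := FAIL.search(line):
            last_fail = m.group(1)
            if last_fail in blocked:
                counts[last_fail] = counts.get(last_fail, 0) + 1
        elif (m := REPEAT.search(line)) and last_fail in blocked:
            counts[last_fail] += int(m.group(1))  # syslog-collapsed duplicates
        else:
            last_fail = None
    return counts

def port_in(spec, port):  # spec: ipfw port list such as '135-139,445'
    ranges = (p.partition("-") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def block_status(rules_text, ip, port=22):
    """Return 'missing', 'shadowed' (deny listed after the allow) or 'effective'."""
    allow_seen = False
    deny = re.compile(rf"^\s*\d+ deny .*from {re.escape(ip)}(?= |$)")
    for line in rules_text.splitlines():
        if (m := ALLOW.search(line)) and port_in(m.group(1), port):
            allow_seen = True
        elif deny.search(line):
            return "shadowed" if allow_seen else "effective"
    return "missing"
```

Feed `failures_after_block` the contents of auth.log and `block_status` the output of `ipfw list`; a result of "missing" or "shadowed" for an address with a non-zero failure count means the block is logged but not enforced.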