Menu
▾
▴
Re: [Sshguard-users] Release command failed
|
From: Mij <mi...@bi...> - 2007-04-03 21:48:27
|
I suppose you opted in for "Use IPFW as firewall backend". In this case, can you see blocking rules just after a "Blocking 1.2.3.4: 4 failures over X seconds"? get ipfw rules with "ipfw list". Sshguard rule IDs in IPFW range between 55000 and 55050 by default. It is likely that you have ssh enabled in a higher rules, so those blocking rules are not passed (IPFW has a "first match win" policy) On 03/apr/07, at 23:20, David V. Kocher wrote: > I use IPFW. The sshguard version installed is from ports > (sshguard-0.91_1) [1]. > > -David > > [1] http://www.freshports.org/security/sshguard/ > > On 03.04.2007, at 23:01, Mij wrote: > >> hello david >> >> what firewall are you using on you freebsd box? Is the sshguard fw >> backend consistent with it? >> >> >> On 03/apr/07, at 17:27, David V. Kocher wrote: >> >>> I can see the following in my log >>>> Apr 2 20:23:19 gdp-bsd-231-218 sshguard[118]: Blocking >>>> 195.140.140.35: 4 failures over 0 seconds. >>>> Apr 2 20:23:19 gdp-bsd-231-218 sshd[782]: Failed password for >>>> illegal user rpc from 195.140.140.35 port 47790 ssh2 >>>> Apr 2 20:23:20 gdp-bsd-231-218 sshd[787]: Failed password for >>>> illegal user gopher from 195.140.140.35 port 47817 ssh2 >>>> Apr 2 20:30:44 gdp-bsd-231-218 sshguard[118]: Release command >>>> failed. Exited: 17664 >>>> >>> >>> I am wondering why there are still failed login attempts after >>> sshguard claims to have blocked the IP address in question and what >>> the 'Release command failed' error message which appears numerous >>> times means. >>> >>> My system is FreeBSD 5.4-RELEASE-p14. >>> >>> Thanks. >>> -David >>> >>> -------------------------------------------------------------------- >>> -- >>> --- >>> Take Surveys. Earn Cash. Influence the Future of IT >>> Join SourceForge.net's Techsay panel and you'll get the chance to >>> share your >>> opinions on IT & business topics through brief surveys-and earn cash >>> http://www.techsay.com/default.php? >>> page=join.php&p=sourceforge&CID=DEVDEV >>> _______________________________________________ >>> Sshguard-users mailing list >>> Ssh...@li... >>> https://lists.sourceforge.net/lists/listinfo/sshguard-users >> >> >> --------------------------------------------------------------------- >> ---- >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net's Techsay panel and you'll get the chance to >> share your >> opinions on IT & business topics through brief surveys-and earn cash >> http://www.techsay.com/default.php? >> page=join.php&p=sourceforge&CID=DEVDEV >> _______________________________________________ >> Sshguard-users mailing list >> Ssh...@li... >> https://lists.sourceforge.net/lists/listinfo/sshguard-users >> > |
