Menu
▾
▴
[SSHGuard-users] Initializing (null) firewall
|
From: Marcus.schmitt <mar...@pr...> - 2017-12-26 10:54:35
|
Hello, I use sshguard 2.0.0 with FreeBSD 10.3. I noticed that ssh bruteforce attacks not beeing blocked by sshguard. While I analyzed the behaviour I found out that pfctl -T show -t sshguard shows no result, but when I restart ssh guard via service sshguard restart I am able to see the folling output: ===>>> Initializing (null) firewall ===>>> Blocking 87.173.65.62 (null) ===>>> Blocking 37.228.134.110 (null) ===>>> Blocking 176.9.19.16 (null) ... ... My /etc/sshguard includes the folloging entries: sshguard_safety_threshold="8" sshguard_danger_thresh="50" sshguard_release_interval="600" sshguard_reset_interval="7200" sshguard_blacklist=100:/var/db/sshguard/blacklist.db sshguard_watch_logs="/var/log/auth.log In the auth.log I am able to see a lot of the following entries: Attack from "62.116.168.227" on service 100 with danger 10. Unfortunately I am notable to find any solution for this issue. BR Marcus |
