首页 手机软件 手机游戏 单机游戏 资讯文章 专题下载 游戏合集 文章合集 php下载 php教程 电脑软件
+ -
当前位置:首页 → 问答吧 → sshguard-pf 无法阻挡ssh攻击,不知何解

sshguard-pf 无法阻挡ssh攻击,不知何解

时间:2010-12-26

来源:互联网

安装配置sshguard
cd /usr/ports/security/sshguard-pf
make install clean
vi etc/syslog.conf
添加
  1. auth.info;authpriv.info     |exec /usr/local/sbin/sshguard
复制代码
服务器有两个网卡,so
vi /etc/pf.conf  内容如下
  1. table <sshguard> persist

  3. set skip on lo

  5. scrub in

  7. block in quick on egress proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
  8. pass in
  9. pass out
复制代码
/etc/rc.d/syslog reload


top  found
  1. 7907 root        2  44    0  7184K  1612K nanslp  4   0:00  0.00% sshguard
复制代码
tail -f /var/log/auth.log
测试ssh攻击,看起来sshguard没有发挥作用
  1. Dec 26 10:29:47 b sshd[1077]: Server listening on 0.0.0.0 port 22.
  2. Dec 26 10:29:47 b sshguard[1079]: Started successfully [(a,p,s)=(4, 420, 1200)],now ready to scan.
  3. Dec 26 10:32:18 b sshd[1202]: error: PAM: authentication error for illegal user a from 10.0.0.88
  4. Dec 26 10:32:18 b sshd[1202]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49700 ssh2
  5. Dec 26 10:32:18 b sshd[1202]: error: PAM: authentication error for illegal user a from 10.0.0.88
  6. Dec 26 10:32:18 b sshd[1202]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49700 ssh2
  7. Dec 26 10:32:23 b sshd[1206]: Invalid user a from 10.0.0.88
  8. Dec 26 10:32:23 b sshd[1206]: error: PAM: authentication error for illegal user a from 10.0.0.88
  9. Dec 26 10:32:23 b sshd[1206]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49701 ssh2
  10. Dec 26 10:32:23 b sshd[1206]: error: PAM: authentication error for illegal user a from 10.0.0.88
  11. Dec 26 10:32:23 b sshd[1206]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49701 ssh2
  12. Dec 26 10:32:29 b sshd[1210]: Invalid user a from 10.0.0.88
  13. Dec 26 10:32:29 b sshd[1210]: error: PAM: authentication error for illegal user a from 10.0.0.88
  14. Dec 26 10:32:29 b sshd[1210]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49702 ssh2
  15. Dec 26 10:32:29 b sshd[1210]: error: PAM: authentication error for illegal user a from 10.0.0.88
  16. Dec 26 10:32:29 b sshd[1210]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49702 ssh2
  17. Dec 26 10:32:34 b sshd[1214]: Invalid user a from 10.0.0.88
  18. Dec 26 10:32:34 b sshd[1214]: error: PAM: authentication error for illegal user a from 10.0.0.88
  19. Dec 26 10:32:34 b sshd[1214]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49703 ssh2
  20. Dec 26 10:32:34 b sshd[1214]: error: PAM: authentication error for illegal user a from 10.0.0.88
  21. Dec 26 10:32:34 b sshd[1214]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49703 ssh2
  22. Dec 26 10:32:39 b sshd[1218]: Invalid user a from 10.0.0.88
  23. Dec 26 10:32:39 b sshd[1218]: error: PAM: authentication error for illegal user a from 10.0.0.88
  24. Dec 26 10:32:39 b sshd[1218]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49704 ssh2
  25. Dec 26 10:32:39 b sshd[1218]: error: PAM: authentication error for illegal user a from 10.0.0.88
  26. Dec 26 10:32:39 b sshd[1218]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49704 ssh2
  27. Dec 26 10:32:43 b sshd[1222]: Invalid user a from 10.0.0.88
  28. Dec 26 10:32:44 b sshd[1222]: error: PAM: authentication error for illegal user a from 10.0.0.88
  29. Dec 26 10:32:44 b sshd[1222]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49705 ssh2
  30. Dec 26 10:32:44 b sshd[1222]: error: PAM: authentication error for illegal user a from 10.0.0.88
  31. Dec 26 10:32:44 b sshd[1222]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49705 ssh2
  32. Dec 26 10:32:48 b sshd[1226]: Invalid user a from 10.0.0.88
复制代码

作者: f5b   发布时间: 2010-12-26

环境
freebsd 8.1 release
sshguard 1.4

作者: f5b   发布时间: 2010-12-26

相关阅读 更多

热门阅读

热门下载

更多
关于本站 免责申明 联系我们

Copyright 2006-2020 php爱好者(phpfans.net) All Rights Reserved.备案号:湘ICP备2023016114号-2

本站为非盈利性网站,不接受任何广告。本站所有资源均由网友上传,如有侵权,请发邮件至 [email protected] phpfans.net