BruteForceBlocker

Infobox_Software
name = BruteForceBlocker
caption = BruteForceBlocker
developer = Daniel Gerzo
latest_release_version = 1.2.3
latest_release_date = March 6, 2006
operating_system = FreeBSD,OpenBSD,NetBSD,DragonflyBSD,Linux
genre = Intrusion prevention
license =
website = http://danger.rulez.sk/index.php/bruteforceblocker/

BruteForceBlocker is a Perl script that works along with PF_(firewall) to block brute force attempts to log in to ssh.

Functionality

When this script is running, it checks sshd logs from syslog and looks for Failed Login attempts - mostly some annoying script attacks, and counts number of such attempts.

When the given IP reaches configured limit of fails, script puts this IP to the pf’s table and block any further traffic to the that box from the given IP (This also depends on your configuration in pf.conf).

Since the version of BruteForceBlocker 1.2 it is also possible to report blocked IPs to the project site and share your information with other users. The list of reported IPs is available [http://danger.rulez.sk/projects/bruteforceblocker/blist.php BruteForceBlocker list] .

ee also

*DenyHosts
*BlockHosts
*OSSEC, an Open Source Host-based intrusion detection system.

External links

* [http://danger.rulez.sk/index.php/bruteforceblocker// BruteForceBlocker website]
* [http://danger.rulez.sk/projects/bruteforceblocker/blist.php BruteForceBlocker list]