Bruteforce...

>
>
>  Bom dia a todos, venho aqui novamente pedir uma ajuda...
>
>
>
> # Normalizar Pacotes #
> scrub all reassemble tcp
> scrub out all no-df max-mss 1492 random-id
>
>
>
> # Engana ataques fingerprint #
> set require-order yes
> #set optimization normal
> #set fingerprints etc/pf.os
>
>
>
> # Roteamento #
> nat on fxp0 from 192.168.0.0/24 to any -> xxx.xx.xxx.xxx
>
>
>
> # Macros dos Adaptadores #
> externa = "fxp0"
> interna = "vr0"
> placa = "{fxp0,vr0}"
>
>
>
> # Redirecionamento #
> rdr on $externa proto tcp from any to XXX.XX.XXX.XXX port 10150 ->
> 192.168.0.150 port 5900
>
>
>
> # Tabelas #
> table <bruteforce> persist
>
>
>
> # FTP #
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr on $interna proto tcp from any to any port 21 -> 127.0.0.1 port 8021
>
> pass in quick proto tcp from any to XXX.XX.XXX.XXX port 22 flags S/SA \keep
> state (max-src-states 1)
>
>
> # Quebra Scan NMAP #
> block in quick proto tcp flags FUP/WEUAPRSF
> block in quick proto tcp flags WEUAPRSF/WEUAPRSF
> block in quick proto tcp flags SRAFU/WEUAPRSF
> block in quick proto tcp flags /WEUAPRSF
> block in quick proto tcp flags SR/SR
> block in quick proto tcp flags SF/SF
> block drop in quick on $placa from any os {NMAP}
>
>
>
> # Serviços TCP e UDP #
> tcp_services = "{ssh, smtp, domain, www, pop3, pop3s, auth, http, https}"
> udp_services = "{domain}"
> icmp_types="echoreq"
> pass out proto tcp to any port $tcp_services
> pass proto udp to any port $udp_services
> pass inet proto tcp from any to $interna
>
>
>
> # Loopback #
> set skip on lo0
>
>
>
> # Antispoof #
> antispoof for vr0 inet
>
>
>
> # Bloquear Brute Force #
> block log quick from <bruteforce>
> pass inet proto tcp from any to $interna port $tcp_services keep state
> (max-src-conn 50, max-src-conn-rate 5/5, overload <bruteforce> flush global)
>
>
> e continuo vendo esses log´s...
>
>
>
> May 20 19:42:06 firewall254 sshd[23749]: Invalid user aabakken from
> 200.69.47.105
> May 20 19:42:06 firewall254 sshd[8642]: input_userauth_request: invalid user
> aabakken
> May 20 19:42:06 firewall254 sshd[23749]: Failed password for invalid user
> aabakken from 200.69.47.105 port 52186 ssh2
> May 20 19:42:07 firewall254 sshd[8642]: Received disconnect from
> 200.69.47.105: 11: Bye Bye
> May 21 06:18:38 firewall254 sshd[6205]: Did not receive identification
> string from 202.108.59.118
> May 21 06:25:18 firewall254 sshd[6027]: Invalid user quarchioni from
> 202.108.59.118
> May 21 06:25:18 firewall254 sshd[22579]: input_userauth_request: invalid
> user quarchioni
> May 21 06:25:18 firewall254 sshd[22579]: Connection closed by 202.108.59.118
> May 21 06:25:18 firewall254 sshd[6027]: Failed password for invalid user
> quarchioni from 202.108.59.118 port 29701 ssh2
> May 21 06:28:16 firewall254 sshd[10469]: Connection closed by 202.108.59.118
> May 21 07:35:30 firewall254 sshd[13045]: Did not receive identification
> string from 61.132.145.247
> May 21 07:38:51 firewall254 sshd[18941]: Invalid user globus from
> 61.132.145.247
> May 21 07:38:51 firewall254 sshd[4603]: input_userauth_request: invalid user
> globus
> May 21 07:38:51 firewall254 sshd[18941]: Failed password for invalid user
> globus from 61.132.145.247 port 62713 ssh2
> May 21 07:38:51 firewall254 sshd[4603]: Received disconnect from
> 61.132.145.247: 11: Bye Bye
> May 21 07:40:26 firewall254 sshd[16495]: Connection closed by 61.132.145.247
>
>
> Uso OpenBSD 4.6 e esse firewall é só pra NAT para quase 50 computadores
>
> Oq falta na minha conf pra parar com essas tentativas de bruteforce?
>
>
>
> Atenciosamente... Júnior Maia!!!
>    
> _________________________________________________________________
> DIVIRTA SEUS AMIGOS NO MESSENGER. TRANSFORME AQUI SUAS FOTOS EM EMOTICONS, É
> GRÁTIS.
> http://ilm.windowslive.com.br/?ocid=ILM:ILM:Hotmail:Tagline:1x1:Tagline