Good morning everyone, I'm here again to ask for some help...

# Normalize packets #
scrub all reassemble tcp
scrub out all no-df max-mss 1492 random-id

# Fool fingerprinting attacks #
set require-order yes
#set optimization normal
#set fingerprints etc/pf.os

# Routing #
nat on fxp0 from 192.168.0.0/24 to any -> xxx.xx.xxx.xxx

# Interface macros #
externa = "fxp0"
interna = "vr0"
placa = "{fxp0,vr0}"

# Redirection #
rdr on $externa proto tcp from any to XXX.XX.XXX.XXX port 10150 -> 192.168.0.150 port 5900

# Tables #
table <bruteforce> persist

# FTP #
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $interna proto tcp from any to any port 21 -> 127.0.0.1 port 8021

pass in quick proto tcp from any to XXX.XX.XXX.XXX port 22 flags S/SA \keep state (max-src-states 1)

# Break NMAP scans #
block in quick proto tcp flags FUP/WEUAPRSF
block in quick proto tcp flags WEUAPRSF/WEUAPRSF
block in quick proto tcp flags SRAFU/WEUAPRSF
block in quick proto tcp flags /WEUAPRSF
block in quick proto tcp flags SR/SR
block in quick proto tcp flags SF/SF
block drop in quick on $placa from any os {NMAP}

# TCP and UDP services #
tcp_services = "{ssh, smtp, domain, www, pop3, pop3s, auth, http, https}"
udp_services = "{domain}"
icmp_types="echoreq"
pass out proto tcp to any port $tcp_services
pass proto udp to any port $udp_services
pass inet proto tcp from any to $interna

# Loopback #
set skip on lo0

# Antispoof #
antispoof for vr0 inet

# Block brute force #
block log quick from <bruteforce>
pass inet proto tcp from any to $interna port $tcp_services keep state (max-src-conn 50, max-src-conn-rate 5/5, overload <bruteforce> flush global)

and I keep seeing these logs...

May 20 19:42:06 firewall254 sshd[23749]: Invalid user aabakken from 200.69.47.105
May 20 19:42:06 firewall254 sshd[8642]: input_userauth_request: invalid user aabakken
May 20 19:42:06 firewall254 sshd[23749]: Failed password for invalid user aabakken from 200.69.47.105 port 52186 ssh2
May 20 19:42:07 firewall254 sshd[8642]: Received disconnect from 200.69.47.105: 11: Bye Bye
May 21 06:18:38 firewall254 sshd[6205]: Did not receive identification string from 202.108.59.118
May 21 06:25:18 firewall254 sshd[6027]: Invalid user quarchioni from 202.108.59.118
May 21 06:25:18 firewall254 sshd[22579]: input_userauth_request: invalid user quarchioni
May 21 06:25:18 firewall254 sshd[22579]: Connection closed by 202.108.59.118
May 21 06:25:18 firewall254 sshd[6027]: Failed password for invalid user quarchioni from 202.108.59.118 port 29701 ssh2
May 21 06:28:16 firewall254 sshd[10469]: Connection closed by 202.108.59.118
May 21 07:35:30 firewall254 sshd[13045]: Did not receive identification string from 61.132.145.247
May 21 07:38:51 firewall254 sshd[18941]: Invalid user globus from 61.132.145.247
May 21 07:38:51 firewall254 sshd[4603]: input_userauth_request: invalid user globus
May 21 07:38:51 firewall254 sshd[18941]: Failed password for invalid user globus from 61.132.145.247 port 62713 ssh2
May 21 07:38:51 firewall254 sshd[4603]: Received disconnect from 61.132.145.247: 11: Bye Bye
May 21 07:40:26 firewall254 sshd[16495]: Connection closed by 61.132.145.247

I use OpenBSD 4.6 and this firewall only does NAT for almost 50 computers.

What is missing from my config to stop these brute-force attempts?

Regards... Júnior Maia!!!

_______________________________________________
OpenBSD mailing list
[hidden email]
http://neei.uevora.pt/mailman/listinfo/openbsd
with pf firewall:

pass quick proto { tcp, udp } from any to any port ssh \
flags S/SA keep state \
(max-src-conn 15, max-src-conn-rate 5/3, \
overload <bruteforce> flush global)

and install expiretable:

/usr/local/sbin/expiretable -v -d -t 24h bruteforce

see why here: http://www.bgnett.no/~peter/pf/en/bruteforce.html#FTN.AEN1142

with sshd:

Port 65533 # \o/
AllowUsers yourUser
LoginGraceTime 10s
PermitRootLogin no
StrictModes yes
MaxAuthTries 3

tip: strong passwords of course.

bye!

On 5/21/10, Júnior Maia Júnior <[hidden email]> wrote:
> I use OpenBSD 4.6 and this firewall only does NAT for almost 50 computers.
>
> What is missing from my config to stop these brute-force attempts?

--
[*] CCNA Certified
[*] LPIC-1 Certified
[*] Security Enthusiast
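
The overload rules in this thread (max-src-conn-rate 5/5 in the original ruleset, 5/3 in the reply) count new connections per source address. As an added example, not code from either poster, the Python below replays the sshd lines quoted in the thread against a sliding-window approximation of that limit; the year 2010, the 203.0.113.9 burst and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# One line per connection attempt, taken from the sshd log quoted in the thread.
PAGE_LOG = """\
May 20 19:42:06 firewall254 sshd[23749]: Invalid user aabakken from 200.69.47.105
May 21 06:18:38 firewall254 sshd[6205]: Did not receive identification string from 202.108.59.118
May 21 06:25:18 firewall254 sshd[6027]: Invalid user quarchioni from 202.108.59.118
May 21 07:35:30 firewall254 sshd[13045]: Did not receive identification string from 61.132.145.247
May 21 07:38:51 firewall254 sshd[18941]: Invalid user globus from 61.132.145.247
"""
# Constructed burst from documentation address 203.0.113.9 (not from the thread).
BURST_LOG = "".join(
    f"May 21 08:00:0{s} firewall254 sshd[{30000 + i}]: Invalid user test{i} from 203.0.113.9\n"
    for i, s in enumerate([0, 0, 1, 1, 2, 2]))

EVENT = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?:Invalid user \S+ from|Did not receive identification string from) "
    r"(\d+\.\d+\.\d+\.\d+)$")

def parse(log, year=2010):
    """Return sorted (timestamp, source) pairs; syslog omits the year, so one is assumed."""
    events = []
    for line in log.splitlines():
        m = EVENT.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return sorted(events)

def peak_rate(events, seconds):
    """Highest number of attempts per source inside any window of `seconds` seconds."""
    window, peak = defaultdict(deque), defaultdict(int)
    for ts, src in sorted(events):
        q = window[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= seconds:
            q.popleft()  # drop attempts that fell out of the window
        peak[src] = max(peak[src], len(q))
    return dict(peak)

def overloaded(events, count, seconds):
    """Sources exceeding count/seconds (approximation of max-src-conn-rate)."""
    return {src for src, n in peak_rate(events, seconds).items() if n > count}

if __name__ == "__main__":
    print(peak_rate(parse(PAGE_LOG), 3), overloaded(parse(PAGE_LOG + BURST_LOG), 5, 3))
```

Each source in the quoted log peaks at one attempt per window, so neither 5/5 nor 5/3 would add it to <bruteforce>; only the constructed burst crosses the threshold. Attempts this slow are limited by the sshd settings in the reply rather than by the rate rule.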