bruteblock

Software for blocking bruteforce attacks with ipfw

Bruteblock allows system administrators to block various bruteforce attacks on UNIX services. The program analyzes system logs and adds attacker's IP address into ipfw2 table effectively blocking them. Addresses are automatically removed from the table after specified amount of time. Bruteblock uses regular expressions to parse logs, which provides flexibility allowing it to be used with almost any network service. Bruteblock is written in pure C, doesn't use any external programs and work with ipfw2 tables via raw sockets API.