DaemonForums  

  #1   (View Single Post)  
Old 17th February 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default There's No Protection In High Ports Anymore, Son. If Indeed There Ever Was.

In http://bsdly.blogspot.ca/2013/02/the...igh-ports.html Peter Hansteen reports about ssh probes on other ports than the standard port 22.

There is also a discussion at Slashdot.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
  #2   (View Single Post)  
Old 17th February 2013
asemisldkfj
-Guest-
 
Posts: n/a
Default

Non-standard SSH ports have always been a poor security measure and more of a pain in dealing with client configuration than they're worth. Public key auth FTW! PasswordAuthentication No is always one of the first edits I make to sshd_config.
  #3   (View Single Post)  
Old 18th February 2013
Ninguem Ninguem is offline
Banned
 
Join Date: Jun 2011
Posts: 137
Default

1. Using the standard port of 22 is asking for trouble. Whenever I enable ssh, the port number for logging into will constantly be changed.
2. The password will constantly be changed.

Paranoia is good.
  #4   (View Single Post)  
Old 18th February 2013
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Ninguem,

This is "security through obscurity" and only provides a false sense of security. And best practice is to replace passwords with a better authentication system, such as PKA with passphrases.

Last edited by jggimi; 18th February 2013 at 10:30 AM. Reason: typos.
  #5   (View Single Post)  
Old 18th February 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

On the FreeBSD server I administer, I moved ssh to another port, only to get rid of those annoying messages in the log file.
  #6   (View Single Post)  
Old 19th February 2013
asemisldkfj
-Guest-
 
Posts: n/a
Default

Luckily I use SSH on such a small network that the authlog messages aren't too annoying, but FWIW it's fairly easy with pf to block traffic from hosts that complete too many TCP handshakes on port 22 in too short a window of time.

With these lines in pf.conf, if a host connects over port 22 more than three times in ten seconds they're added to the brutes table and any existing states involving that host are removed:

Code:
table <brutes> persist
block quick from <brutes>
pass in on egress inet proto tcp from any to (egress) port 22 keep state (max-src-conn-rate 3/10, overload <brutes> flush global)

Edit: relevant section of pf.conf man page

Last edited by asemisldkfj; 19th February 2013 at 01:57 AM. Reason: adding link
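
Added example, not part of any post in this thread and not pf's own code: a sliding-window model of what the max-src-conn-rate 3/10 rule above does, run over constructed connection records. The function name, the sample data and the treatment of a handshake exactly 10 seconds old as expired are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, source address) for each completed TCP
# handshake on port 22. Addresses come from documentation ranges.
SAMPLE = [
    (0, "203.0.113.7"), (1, "198.51.100.20"), (2, "203.0.113.7"),
    (4, "203.0.113.7"), (6, "203.0.113.7"),   # 4th within 10 s: overload
    (7, "203.0.113.7"),                       # already in table: blocked
    (15, "198.51.100.20"), (30, "198.51.100.20"),
    (31, "192.0.2.9"), (35, "192.0.2.9"), (40, "192.0.2.9"),
    (45, "192.0.2.9"),                        # 14 s after the 1st: allowed
]

def simulate(events, limit=3, window=10):
    """Model 'max-src-conn-rate limit/window, overload <brutes> flush global'.

    Returns (brutes, blocked): brutes maps each source to the time it was
    added to the table; blocked counts connections dropped after that.
    """
    recent = defaultdict(deque)   # source -> handshake times still in window
    brutes = {}
    blocked = defaultdict(int)
    for ts, src in sorted(events):
        if src in brutes:                 # "block quick from <brutes>"
            blocked[src] += 1
            continue
        times = recent[src]
        times.append(ts)
        while ts - times[0] >= window:    # expire handshakes outside window
            times.popleft()
        if len(times) > limit:            # more than `limit` in `window` s
            brutes[src] = ts              # "overload <brutes>"
            del recent[src]               # "flush global": drop its states
    return brutes, dict(blocked)

if __name__ == "__main__":
    table, dropped = simulate(SAMPLE)
    for src, when in table.items():
        print(f"{src} added to <brutes> at t={when}s, "
              f"{dropped.get(src, 0)} later connection(s) blocked")
```

Entries stay in the table until removed, because the ruleset above has no expiry; the model keeps them for the whole run for the same reason.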
  #7   (View Single Post)  
Old 19th February 2013
asemisldkfj
-Guest-
 
Posts: n/a
Default

There's also fail2ban, which according to this blog post can be integrated with pf with a little bit of manual configuration.