In http://bsdly.blogspot.ca/2013/02/the...igh-ports.html Peter Hansteen reports about ssh probes on other ports than the standard port 22.
There is also a discussion at Slashdot.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
![]()
Non-standard SSH ports have always been a poor security measure and more of a pain in dealing with client configuration than they're worth. Public key auth FTW! PasswordAuthentication No is always one of the first edits I make to sshd_config.
|
|
|||
![]()
1. Using the standard port of 22 is asking for trouble. Whenever I enable ssh, the port number for logging into will constantly be changed.
2. The password will constantly be changed. Paranoia is good. |
|
|||
![]()
On the FreeBSD server I administer, I moved ssh to another port, only to get rid of those annoying messages in the log file.
|
|||
![]()
Luckily I use SSH on such a small network that the authlog messages aren't too annoying, but FWIW it's fairly easy with pf to block traffic from hosts that complete too many TCP handshakes on port 22 in too short a window of time.
With these lines in pf.conf, if a host connects over port 22 more than three times in ten seconds they're added to the brutes table and any existing states involving that host are removed:

Code:
```
table <brutes> persist
block quick from <brutes>
pass in on egress inet proto tcp from any to (egress) port 22 keep state (max-src-conn-rate 3/10, overload <brutes> flush global)
```

Last edited by asemisldkfj; 19th February 2013 at 01:57 AM. Reason: adding link
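The 3-in-10-seconds behaviour described in the post above, replayed over sample traffic as an added example that is not part of the original thread. The `replay` function, the event list and the addresses are constructed for illustration, and a plain sliding window is assumed, which may differ in detail from pf's own rate accounting.

```python
from collections import defaultdict, deque

MAX_CONN, WINDOW = 3, 10  # max-src-conn-rate 3/10 in the rule above

def replay(events, max_conn=MAX_CONN, window=WINDOW):
    """Replay (seconds, src_ip) completed handshakes to port 22.

    Returns (brutes, log): brutes maps src -> time it was overloaded,
    log lists (time, src, action). A plain sliding window is assumed here;
    pf's own rate accounting may differ in detail.
    """
    recent = defaultdict(deque)  # per-source handshake times inside the window
    states = defaultdict(int)    # per-source open states (for "flush global")
    brutes, log = {}, []
    for t, src in sorted(events):
        if src in brutes:                      # block quick from <brutes>
            log.append((t, src, "block"))
            continue
        q = recent[src]
        while q and t - q[0] >= window:        # drop handshakes older than window
            q.popleft()
        q.append(t)
        if len(q) > max_conn:                  # more than 3 in 10 s: overload
            brutes[src] = t
            log.append((t, src, f"overload, {states.pop(src, 0)} states flushed"))
        else:
            states[src] += 1
            log.append((t, src, "pass"))
    return brutes, log

# Constructed sample traffic (documentation addresses, times in seconds).
EVENTS = (
    [(t, "198.51.100.7") for t in (0, 1, 2, 3, 4, 20)]    # rapid reconnects
    + [(t, "203.0.113.20") for t in (0, 5, 9, 30)]        # admin, 3 in 10 s
    + [(t, "192.0.2.44") for t in (0, 15, 30, 45)]        # slow, spaced-out source
)

if __name__ == "__main__":
    brutes, log = replay(EVENTS)
    for entry in log:
        print(*entry)
    print("brutes table:", sorted(brutes))
```

Only the rapid source ends up in the table, and it stays blocked afterwards because the table has no expiry in the rule as posted; the spaced-out source never trips the rate limit, so key-only authentication still has to carry the load there.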
|
|||
![]()
There's also fail2ban which according to this blog post can be integrated with pf with a little bit of manual configuration.