RE: inbound ssh ceased on 4 servers at same time

From: John Brooks (john_at_day-light.com)
Date: 06/04/05

  • Next message: Cody Baker: "Re: inbound ssh ceased on 4 servers at same time" 
    To: "Brian Reichert" <reichert@numachi.com>
Date: Sat, 4 Jun 2005 13:14:28 -0500

    Thanks, sounds good to do on the outward facing firewall. These
    four freebsd boxes are protected behind an openbsd firewall so
    none of the brute-force sshd attacks have ever reached them.

    All four machines were updated (buildworld) exactly 30 days
    earlier, and all developed this behavior at the same time.
    Seems almost too much of a coincidence. I guess it's time to
    start checksuming binaries with boxes on other networks not
    exhibiting this problem. 

    --
John Brooks
john@day-light.com 
> -----Original Message-----
> From: Brian Reichert [mailto:reichert@numachi.com]
> Sent: Saturday, June 04, 2005 12:48 PM
> To: John Brooks
> Cc: freebsd-isp@freebsd.org
> Subject: Re: inbound ssh ceased on 4 servers at same time
> 
> 
> On Sat, Jun 04, 2005 at 12:10:28AM -0500, John Brooks wrote:
> > today at about noon, all four freebsd servers on a clients lan
> > quit accepting ssh connections.
> 
> I've been seeing a lot of brute-force sshd attacks, which leave
> a lot of connections in an awkward state.  I've done this for my
> primary sshd server, and seems to have alleviated my problems:
> 
> LoginGraceTime 60
> MaxStartups 10:30:60
> 
> > --
> > John Brooks
> > john@day-light.com 
> 
> -- 
> Brian Reichert				<reichert@numachi.com>
> 55 Crystal Ave. #286			Daytime number: (603) 434-6842
> Derry NH 03038-1725 USA			BSD admin/developer 
> at large	
> 
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
  • Next message: Cody Baker: "Re: inbound ssh ceased on 4 servers at same time"