RE: inbound ssh ceased on 4 servers at same time

From: John Brooks (john_at_day-light.com)
Date: 06/09/05

    To: "Marcin Jessa" <lists@yazzy.org>
    Date: Thu, 9 Jun 2005 08:56:33 -0500
    
    

    All traffic must pass through the firewall in order to reach the
    inside network. There are no NAT redirect rules for port 22, so
    all port 22 traffic is intercepted by the firewall. The only
    way to reach interior hosts is to specifically log onto the firewall
    and from the firewall ssh into the interior hosts.

    On some of my networks the firewall will only accept traffic from
    specific hosts, dropping all others. (sshd is running on all hosts)
    All of my firewalls are running hardened versions of OpenBSD. All
    of the servers behind the firewalls are running FreeBSD.

    --
    John Brooks
    john@day-light.com 
    > -----Original Message-----
    > From: Marcin Jessa [mailto:lists@yazzy.org]
    > Sent: Thursday, June 09, 2005 8:39 AM
    > To: john@day-light.com
    > Cc: freebsd-isp@freebsd.org
    > Subject: Re: inbound ssh ceased on 4 servers at same time
    > 
    > 
    > Hi John, guys.
    > 
    > On Sat, 4 Jun 2005 13:14:28 -0500
    > "John Brooks" <john@day-light.com> wrote:
    > 
    > > Thanks, sounds good to do on the outward facing firewall. These
    > > four FreeBSD boxes are protected behind an OpenBSD firewall so
    > > none of the brute-force sshd attacks have ever reached them.
    > 
    > How do you filter those brute-force attacks?
    > Do you check the existence of users on the actual server running sshd?
    > I get hundreds of those attacks every day.
    > 
    > Cheers,
    > Marcin Jessa.
    > 
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
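
The layout described in the message above (no redirect for port 22, SSH accepted on the firewall only from specific hosts, interior hosts reached by a second hop from the firewall) can be sketched as a pf ruleset. This is an added example, not part of the original post and not the poster's configuration. It assumes current OpenBSD pf syntax, and the interface names, the inside network and the allowlisted addresses are constructed placeholders.

```pf
# Constructed pf.conf sketch, not the poster's ruleset.
# Assumed values: interface names, inside network, allowlisted sources
# (documentation ranges from RFC 5737 and private space from RFC 1918).
ext_if  = "em0"              # outside interface (assumed name)
int_if  = "em1"              # inside interface (assumed name)
int_net = "10.0.0.0/24"      # servers behind the firewall (assumed range)

# Hosts allowed to open SSH sessions to the firewall itself
table <ssh_admins> const { 192.0.2.10, 198.51.100.0/28 }

set skip on lo

# Default deny in both directions, with logging to pflog
block log all

# Redirect (rdr-to) rules for published services would go here.
# None of them names port 22, so inbound SSH is never forwarded
# to an interior host: it either terminates on the firewall or is dropped.

# First hop: SSH to the firewall, allowlisted sources only.
# Any other source falls through to "block log all".
pass in log on $ext_if inet proto tcp from <ssh_admins> to ($ext_if) port 22

# Second hop: SSH sessions started on the firewall toward interior hosts
pass out on $int_if inet proto tcp from ($int_if) to $int_net port 22
```

Running `pfctl -nf /etc/pf.conf` parses a ruleset without loading it, which is a safe way to check a change before it can cut off the SSH session being used to make it.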
    
