Re: inbound ssh ceased on 4 servers at same time
From: Marcin Jessa (lists_at_yazzy.org)
Date: 06/09/05
- Previous message: John Brooks: "RE: inbound ssh ceased on 4 servers at same time"
- In reply to: John Brooks: "RE: inbound ssh ceased on 4 servers at same time"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 9 Jun 2005 16:35:04 +0200 To: john@day-light.com
Hi.
I know of a patch which locks out ssh users after X unsecessfull attempts (with possibility of whitelisting). I think the guys from pfsense use it or at least have that patch somewhere.
I thought OpenBSD had an option in sshd or/and pf for that as well.
Thanks for the answer John.
Cheers,
Marcin.
On Thu, 9 Jun 2005 08:56:33 -0500
"John Brooks" <john@day-light.com> wrote:
> All traffic must pass thru the firewall in order to reach the
> inside network. There are no nat redirect rules for port 22, so
> all port 22 traffic is intercepted by the firewall. The only
> way to reach interior hosts is to specifically log onto the firewall
> and from the firewall ssh into the interior hosts.
>
> On some of my networks the firewall will only accept traffic from
> specific hosts, dropping all others. (sshd is running on all hosts)
> All of my firewalls are running hardened versions of OpenBSD. All
> of the servers behind the firewalls are running FreeBSD.
>
> --
> John Brooks
> john@day-light.com
>
> > -----Original Message-----
> > From: Marcin Jessa [mailto:lists@yazzy.org]
> > Sent: Thursday, June 09, 2005 8:39 AM
> > To: john@day-light.com
> > Cc: freebsd-isp@freebsd.org
> > Subject: Re: inbound ssh ceased on 4 servers at same time
> >
> >
> > Hi John, guys.
> >
> > On Sat, 4 Jun 2005 13:14:28 -0500
> > "John Brooks" <john@day-light.com> wrote:
> >
> > > Thanks, sounds good to do on the outward facing firewall. These
> > > four freebsd boxes are protected behind an openbsd firewall so
> > > none of the brute-force sshd attacks have ever reached them.
> >
> > How do you filter those brute-force attacks?
> > Do you check existence of users on the actual server running sshd ?
> > I get hundreds of those attacks every day.
> >
> > Cheers,
> > Marcin Jessa.
> >
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: John Brooks: "RE: inbound ssh ceased on 4 servers at same time"
- In reply to: John Brooks: "RE: inbound ssh ceased on 4 servers at same time"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
