Re: inbound ssh ceased on 4 servers at same time

From: Marcin Jessa (lists_at_yazzy.org)
Date: 06/09/05

    Date: Thu, 9 Jun 2005 16:35:04 +0200
    To: john@day-light.com
    
    

    Hi.

    I know of a patch which locks out ssh users after X unsuccessful attempts (with the possibility of whitelisting). I think the guys from pfsense use it or at least have that patch somewhere.
    I thought OpenBSD had an option in sshd and/or pf for that as well.
    Thanks for the answer John.

    Cheers,
    Marcin.

    On Thu, 9 Jun 2005 08:56:33 -0500
    "John Brooks" <john@day-light.com> wrote:

    > All traffic must pass thru the firewall in order to reach the
    > inside network. There are no nat redirect rules for port 22, so
    > all port 22 traffic is intercepted by the firewall. The only
    > way to reach interior hosts is to specifically log onto the firewall
    > and from the firewall ssh into the interior hosts.
    >
    > On some of my networks the firewall will only accept traffic from
    > specific hosts, dropping all others. (sshd is running on all hosts)
    > All of my firewalls are running hardened versions of OpenBSD. All
    > of the servers behind the firewalls are running FreeBSD.
    >
    > --
    > John Brooks
    > john@day-light.com
    >
    > > -----Original Message-----
    > > From: Marcin Jessa [mailto:lists@yazzy.org]
    > > Sent: Thursday, June 09, 2005 8:39 AM
    > > To: john@day-light.com
    > > Cc: freebsd-isp@freebsd.org
    > > Subject: Re: inbound ssh ceased on 4 servers at same time
    > >
    > >
    > > Hi John, guys.
    > >
    > > On Sat, 4 Jun 2005 13:14:28 -0500
    > > "John Brooks" <john@day-light.com> wrote:
    > >
    > > > Thanks, sounds good to do on the outward facing firewall. These
    > > > four freebsd boxes are protected behind an openbsd firewall so
    > > > none of the brute-force sshd attacks have ever reached them.
    > >
    > > How do you filter those brute-force attacks?
    > > Do you check existence of users on the actual server running sshd ?
    > > I get hundreds of those attacks every day.
    > >
    > > Cheers,
    > > Marcin Jessa.
    > >
    > _______________________________________________
    > freebsd-isp@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
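As an added illustration (not code from this thread or from any of the posters) of the lockout-after-X-failures-with-whitelist approach Marcin describes, fed by the firewall's own sshd log and turned into pf table entries: the log lines, hostnames, addresses, the table name `bruteforce` and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the format OpenSSH writes to /var/log/auth.log
# on OpenBSD/FreeBSD. Host "gw" and all addresses are made up (RFC 5737 ranges).
SAMPLE_AUTH_LOG = """\
Jun  9 08:31:02 gw sshd[812]: Failed password for invalid user admin from 192.0.2.10 port 4012 ssh2
Jun  9 08:31:05 gw sshd[812]: Failed password for invalid user admin from 192.0.2.10 port 4013 ssh2
Jun  9 08:31:09 gw sshd[815]: Failed password for root from 192.0.2.10 port 4020 ssh2
Jun  9 08:31:12 gw sshd[818]: Failed password for invalid user test from 192.0.2.10 port 4031 ssh2
Jun  9 08:32:40 gw sshd[820]: Failed password for john from 198.51.100.7 port 51022 ssh2
Jun  9 08:32:44 gw sshd[820]: Failed password for john from 198.51.100.7 port 51022 ssh2
Jun  9 08:32:50 gw sshd[820]: Failed password for john from 198.51.100.7 port 51022 ssh2
Jun  9 08:32:55 gw sshd[820]: Failed password for john from 198.51.100.7 port 51022 ssh2
Jun  9 08:33:01 gw sshd[820]: Accepted publickey for john from 198.51.100.7 port 51022 ssh2
Jun  9 08:40:13 gw sshd[901]: Failed password for invalid user oracle from 203.0.113.5 port 2222 ssh2
"""

# Matches both "Failed password for USER from ADDR" and
# "Failed password for invalid user USER from ADDR"; captures the source address.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")


def failed_attempts(log_text):
    """Count 'Failed password' lines per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def sources_to_block(log_text, threshold, whitelist):
    """Addresses with at least `threshold` failures, minus the whitelist
    (the admin hosts the firewall is meant to keep accepting)."""
    return sorted(src for src, n in failed_attempts(log_text).items()
                  if n >= threshold and src not in whitelist)


def pfctl_commands(addresses, table="bruteforce"):
    """Render the pfctl invocations that add offenders to a pf table; pf.conf
    must declare 'table <bruteforce> persist' and 'block in quick from <bruteforce>'
    for the entries to take effect (table name is an assumption)."""
    return [f"pfctl -t {table} -T add {addr}" for addr in addresses]


if __name__ == "__main__":
    for cmd in pfctl_commands(sources_to_block(SAMPLE_AUTH_LOG, 3, {"198.51.100.7"})):
        print(cmd)
```

On OpenBSD 3.7 and later (and FreeBSD with that pf) the same effect is available in-kernel without reading logs, via `max-src-conn-rate` and `overload <bruteforce>` on the pass rule for port 22.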
