Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
- From: Frank Staals <frankstaals@xxxxxxx>
- Date: Mon, 13 Nov 2006 10:10:58 +0100
Leo L. Schwab wrote:
I recently installed FreeBSD 6.1 on my gateway. It replaced an
installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had
disabled the SSH server. Since all the bugs in SSH are fixed now ( :-) ), I
thought I'd leave the server on, and am somewhat dismayed to discover that I
now get occasional brute-force/dictionary attacks on the port.
A little Googling revealed a couple of potentially useful tools:
's***' and 'bruteblock', both of which notice repeated login attempts from
a given IP address and blackhole it in the firewall. I first tried 's***',
but after a couple days, I noticed in my daily reports that I was still
getting lengthy bruteforce attempts, suggesting the 's***' was not working.
So I uninstalled 's***' and installed 'bruteblock'. But again a
couple days later, the logs showed lengthy bruteforce attempts going
unblocked.
The relevant lines from my /etc/syslog.conf file are:
----
auth.info;authpriv.info /var/log/auth.log
auth.info;authpriv.info | exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf
----
Any hints as to what I might be doing wrong?
Thanks,
Schwab
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

I had the same 'problem'. As said, it's not really a problem since FreeBSD
will hold just fine if you don't have any rather stupid user + pass
combinations (test test or something like that). Although I thought it was
annoying that my entire log was clouded with those brute force attacks, so I
just set sshd to listen at another port than 22. Maybe that's an acceptable
solution for you? You can change the sshd port in /etc/ssh/sshd_config

Good luck,
--
-Frank Staals
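
The approach the quoted message attributes to both tools (notice repeated failed logins from one address, then hand that address to the firewall), as an added example that is not part of the original thread and is not the code of either tool. The log lines are constructed, the message format is assumed to be OpenSSH's "Failed password for ... from IP port N ssh2", and only IPv4 addresses are handled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed message format: "Failed <method> for <user> from <ip> port <n> ssh2".
# The greedy ".*" plus the "$" anchor bind the address to the END of the line,
# so a login name that itself contains " from 198.51.100.7" cannot choose
# which address gets counted.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed \S+ for .*"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d?)?$"
)

def find_offenders(lines, max_failures=4, window=timedelta(minutes=10), year=2006):
    """Return source IPs, in the order they reach max_failures within window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    offenders = []
    for line in lines:
        m = FAIL_RE.match(line.rstrip("\n"))
        if not m or m["ip"] in offenders:
            continue
        # syslog timestamps carry no year, so one is supplied (assumption)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen = recent[m["ip"]]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) >= max_failures:
            offenders.append(m["ip"])  # a real tool would add a firewall rule here
    return offenders

# Constructed sample in the style of /var/log/auth.log (documentation addresses).
SAMPLE = """\
Nov 13 10:01:02 gateway sshd[501]: Invalid user test from 192.0.2.10
Nov 13 10:01:03 gateway sshd[501]: Failed password for invalid user test from 192.0.2.10 port 4101 ssh2
Nov 13 10:01:05 gateway sshd[502]: Failed password for root from 192.0.2.10 port 4102 ssh2
Nov 13 10:01:07 gateway sshd[503]: Failed password for invalid user x from 198.51.100.7 from 192.0.2.10 port 4103 ssh2
Nov 13 10:01:09 gateway sshd[504]: Failed password for invalid user admin from 192.0.2.10 port 4104 ssh2
Nov 13 10:02:00 gateway sshd[510]: Accepted publickey for alice from 203.0.113.5 port 5000 ssh2
Nov 13 10:03:00 gateway sshd[520]: Failed password for alice from 203.0.113.5 port 5001 ssh2
Nov 13 11:30:00 gateway sshd[530]: Failed password for alice from 203.0.113.5 port 5002 ssh2
""".splitlines()

if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```

The fourth sample line carries a login name with an embedded " from 198.51.100.7"; a pattern that took the first address on the line would count, and eventually block, an address that never connected.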