From: John DeStefano
To: freebsd-questions@freebsd.org
Date: Sun, 22 May 2005 08:45:04 -0400
Subject: securing SSH, FBSD systems

I have broached this subject before, and also searched the archives and the web for a solution, but found no real, clear answer for those who are not already gurus in the subject.
I've had light-to-moderate records of attempted SSH break-ins to my system in the past. Over the past week, I have had daily security records ranging from 10kb to 120kb in size (the average for a "clean" record with no break-in activity is 2kb), with different IPs and ranges being used, which leads me to believe multiple "kiddies" (or perhaps more sophisticated attackers) are somehow sniffing out my system and homing in for repeated attacks.

Would someone mind briefly talking about securing FBSD systems from such attacks, at least in a manner that's a bit more extensive and detailed than just saying "use Snort"? I'm not a newbie to FBSD, but I'm not a *NIX guru either. I'd really appreciate your help.

Thanks,
John
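The growing daily security reports described in the message above are the periodic(8) summary of sshd's failed logins in /var/log/auth.log. As an added example that is not part of the original mail or of any reply to it, the script below reads sshd log lines in that format, counts failed password / illegal user / invalid user events per source IP, and lists the sources that cross a threshold, which is the list you would feed into a pf block table. The log lines, the host name "bsdbox", the threshold of 3 and the pf table name "bruteforce" are all constructed for the example; the script never touches pf itself.

```shell
#!/bin/sh
# Added example: summarise failed sshd logins per source IP from FreeBSD
# auth.log lines, then list the sources that exceed a threshold.
# The sample log below is constructed for this example, not real data.

# Constructed sample in the format sshd writes to /var/log/auth.log.
# Older OpenSSH releases log "Illegal user", newer ones "Invalid user";
# both are matched below.
SAMPLE_LOG='May 22 03:14:07 bsdbox sshd[1201]: Failed password for illegal user admin from 192.0.2.10 port 4455 ssh2
May 22 03:14:09 bsdbox sshd[1203]: Failed password for root from 192.0.2.10 port 4460 ssh2
May 22 03:14:12 bsdbox sshd[1205]: Illegal user test from 192.0.2.10
May 22 03:15:01 bsdbox sshd[1210]: Accepted publickey for john from 198.51.100.7 port 51022 ssh2
May 22 03:16:02 bsdbox sshd[1214]: Failed password for illegal user oracle from 203.0.113.5 port 3322 ssh2
May 22 03:16:40 bsdbox sshd[1216]: Invalid user guest from 203.0.113.5
May 22 03:17:33 bsdbox sshd[1220]: Failed password for john from 198.51.100.7 port 51030 ssh2'

# count_failed_ssh: read auth.log lines on stdin and print "<count> <ip>"
# for every source IP that produced a failed-login event, highest count first.
# Successful logins ("Accepted ...") are deliberately ignored.
count_failed_ssh() {
    awk '
        /sshd\[[0-9]+\]: (Failed password for|Illegal user|Invalid user)/ {
            # the source address is the token right after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { ip[$(i+1)]++; break }
        }
        END { for (a in ip) print ip[a], a }
    ' | sort -rn
}

# over_threshold N: read "<count> <ip>" lines and print only the IPs whose
# count is at least N.
over_threshold() {
    awk -v n="$1" '$1 >= n { print $2 }'
}

# Demonstration on the constructed sample (on a live host, replace the
# printf with: cat /var/log/auth.log).
printf '%s\n' "$SAMPLE_LOG" | count_failed_ssh
echo "--- sources with 3 or more failures:"
printf '%s\n' "$SAMPLE_LOG" | count_failed_ssh | over_threshold 3

# To block the offenders with pf, the last pipeline could end in
#   | xargs -n1 pfctl -t bruteforce -T add
# with /etc/pf.conf containing (table name is our choice):
#   table <bruteforce> persist
#   block in quick from <bruteforce>
```

Counting is only half the answer; the other half is reducing what the attackers can hit. The sshd_config(5) options that matter most here are PermitRootLogin no, PasswordAuthentication no (keys only), and AllowUsers to restrict which accounts may log in at all, optionally with ListenAddress to bind sshd to one interface. Once password authentication is off, the dictionary attacks in the log cannot succeed regardless of their volume, and the pf table above mainly keeps the reports short.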