From owner-freebsd-questions@FreeBSD.ORG Tue Sep 19 21:25:47 2006
Date: Tue, 19 Sep 2006 17:25:43 -0400
From: Nicolas Blais
In-reply-to: <70e8236f0609191412p5779d94cqa16df5631f4de916@mail.gmail.com>
To: freebsd-questions@freebsd.org
Message-id: <200609191725.43937.nb_root@videotron.ca>
References: <20060919165400.A4380@prime.gushi.org> <70e8236f0609191412p5779d94cqa16df5631f4de916@mail.gmail.com>
Cc: "Dan Mahoney, System Admin"
Subject: Re: sshd brute force attempts?

On Tuesday 19 September 2006 17:12, Joao Barros wrote:
> On 9/19/06, Dan Mahoney, System Admin wrote:
> > Hey all,
> >
> > I've looked around and found several Linux-centric things designed to
> > block brute-force SSH attempts. Anyone out there know of something a bit
> > more BSD savvy?
> >
> > My best attempt will be to get this:
> >
> > http://www.csc.liv.ac.uk/~greg/sshdfilter/index_15.html
> >
> > running and adapt it.
> >
> > I've found a few things based on OpenBSD's pf, but that doesn't seem to
> > be the default in BSD either.
> >
> > Any response appreciated.
>
> I'm using BruteForceBlocker quite successfully.
> I take the opportunity to thank danger for it :-)
>
> http://www.freshports.org/security/bruteforceblocker/

I like to protect myself by hiding what I have, which will reduce the amount
of direct or random attacks by a lot, then deal with attacks using tools
(like bruteforceblocker). This is especially useful when attackers are using
IP-range tools to scan common ports for their associated service.

Why keep sshd on port 22?

Nicolas

-- 
FreeBSD 7.0-CURRENT #0: Sun Sep 17 10:21:02 EDT 2006
nicblais@clk01a:/usr/obj/usr/src/sys/CLK01A
PGP? : http://www.clkroot.net/security/nb_root.asc
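
An added example, not part of the original thread and not code from BruteForceBlocker or sshdfilter: a sketch of the log-driven detection that blocking tools of this kind automate, flagging source addresses with repeated sshd password failures inside a short window. The log lines, addresses, threshold, and window are constructed assumptions, and `find_bruteforce` is a hypothetical name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in classic syslog format (documentation-range addresses).
SAMPLE = [
    "Sep 19 16:00:00 host sshd[700]: Failed password for root from 203.0.113.5 port 4100 ssh2",
    "Sep 19 16:10:00 host sshd[701]: Failed password for root from 203.0.113.5 port 4101 ssh2",
    "Sep 19 16:20:00 host sshd[702]: Failed password for root from 203.0.113.5 port 4102 ssh2",
    "Sep 19 16:30:00 host sshd[703]: Failed password for root from 203.0.113.5 port 4103 ssh2",
    "Sep 19 16:50:01 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2",
    "Sep 19 16:50:03 host sshd[812]: Failed password for invalid user test from 192.0.2.10 port 40113 ssh2",
    "Sep 19 16:50:05 host sshd[813]: Failed password for root from 192.0.2.10 port 40114 ssh2",
    "Sep 19 16:50:08 host sshd[814]: Failed password for invalid user guest from 192.0.2.10 port 40115 ssh2",
    "Sep 19 16:51:00 host sshd[815]: Failed password for dan from 198.51.100.7 port 50021 ssh2",
    "Sep 19 16:51:20 host sshd[816]: Accepted publickey for dan from 198.51.100.7 port 50022 ssh2",
]

# Timestamp, source address and attempted user of an sshd password failure.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(lines, threshold=4, window=timedelta(seconds=60), year=2006):
    """Return {ip: sorted usernames tried} for every source address that
    produced at least `threshold` failures within one `window`.
    Lines must be in chronological order; syslog omits the year, so it is
    supplied by the caller (assumed 2006 here)."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> every username it tried
    flagged = set()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        users[m["ip"]].add(m["user"])
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(m["ip"])
    return {ip: sorted(users[ip]) for ip in flagged}
```

On the sample, the fast dictionary-style run from 192.0.2.10 is flagged, while the single mistyped password and the source that spaces its attempts ten minutes apart are not, which is why a rate window alone does not catch slow guessing.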