From owner-freebsd-stable@FreeBSD.ORG  Tue Dec 29 11:45:38 2009
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 331181065693
	for <freebsd-stable@freebsd.org>; Tue, 29 Dec 2009 11:45:38 +0000 (UTC)
	(envelope-from edwin@mavetju.org)
Received: from k7.mavetju.org (unknown
	[IPv6:2001:44b8:7bf1:a51:20f:eaff:fe2c:d518])
	by mx1.freebsd.org (Postfix) with ESMTP id 8C2EF8FC1D
	for <freebsd-stable@freebsd.org>; Tue, 29 Dec 2009 11:45:37 +0000 (UTC)
Received: by k7.mavetju.org (Postfix, from userid 1001)
	id 4B6AD45189; Tue, 29 Dec 2009 22:45:36 +1100 (EST)
Date: Tue, 29 Dec 2009 22:45:36 +1100
From: Edwin Groothuis <edwin@mavetju.org>
To: "Andresen, Jason R." <jandrese@mitre.org>
Message-ID: <20091229114536.GA2409@mavetju.org>
References: <bd52e0bd614fbaffcf8c9ff9da35286e@mail.isot.com>
	<4B20B509.4050501@yahoo.it>
	<600C0C33850FFE49B76BDD81AED4D25801371D8056@IMCMBX3.MITRE.ORG>
	<ce92ed41260c438977298c2cf9dd1e3f.HRCIM@webmail.1command.com>
	<600C0C33850FFE49B76BDD81AED4D25801371D8737@IMCMBX3.MITRE.ORG>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <600C0C33850FFE49B76BDD81AED4D25801371D8737@IMCMBX3.MITRE.ORG>
User-Agent: Mutt/1.4.2.3i
Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>,
	Chris H <chris#@1command.com>
Subject: Re: Hacked - FreeBSD 7.1-Release
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Dec 2009 11:45:38 -0000

On Mon, Dec 28, 2009 at 10:44:41AM -0500, Andresen, Jason R. wrote:
> The point is, if your machine is on the internet, then bots are
> going to try password attacks on any open port they can find.  It's
> just the sad fact of life on the current internet.  Unfortunately,
> this activity will also make it much more difficult to determine
> when you are under attack from an actual person, which was my point
> earlier.  It's one that is not going to be easy to solve either,
> unless you're willing to rewrite SSH to require every connection
> attempt to pass a Turing test or something.

On all systems which need to be accessible from the public Internet:
Run sshd on port 22 and port 8022. Block incoming traffic on port
22 on your firewall.

Everybody coming from the outside world needs to know it is running
on port 8022. Everybody coming from the inside world has access as
normal.

Edwin
-- 
Edwin Groothuis		Website: http://www.mavetju.org/
edwin@mavetju.org	Weblog:  http://www.mavetju.org/weblog/