From: "Ronald Klop"
To: "Edwin Groothuis", "Andresen, Jason R."
Cc: "freebsd-stable@freebsd.org", Chris H
Date: Tue, 29 Dec 2009 12:52:48 +0100
Subject: Re: Hacked - FreeBSD 7.1-Release

On Tue, 29 Dec 2009 12:45:36 +0100, Edwin Groothuis wrote:

> On Mon, Dec 28, 2009 at 10:44:41AM -0500, Andresen, Jason R. wrote:
>> The point is, if your machine is on the internet, then bots are
>> going to try password attacks on any open port they can find. It's
>> just the sad fact of life on the current internet. Unfortunately,
>> this activity will also make it much more difficult to determine
>> when you are under attack from an actual person, which was my point
>> earlier. It's one that is not going to be easy to solve either,
>> unless you're willing to rewrite SSH to require every connection
>> attempt to pass a Turing test or something.

The Turing test is a private/public key with a passphrase. And disable
passwords.

> On all systems which need to be accessible from the public Internet:
> Run sshd on port 22 and port 8022. Block incoming traffic on port
> 22 on your firewall.
>
> Everybody coming from the outside world needs to know it is running
> on port 8022. Everybody coming from the inside world has access as
> normal.
>
> Edwin
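
An added example, not part of the thread: a shell check of an sshd_config file for the two measures discussed above (key-only login, sshd listening on ports 22 and 8022). The function names and the sample config are constructed for illustration, and the script assumes upstream OpenSSH defaults and whitespace-separated keywords.

```shell
# Added example: audit sshd_config for the measures discussed in the thread.
# Handles whitespace-separated "Keyword value" lines in the global section
# only (stops at the first Match block); "Keyword=value" is not handled.

# effective_value FILE KEY_REGEX DEFAULT -- sshd keeps the first value it
# sees for a keyword, and keyword names are case-insensitive.
effective_value() {
    awk -v key="^($2)\$" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# listen_ports FILE -- Port may repeat and every occurrence counts.
listen_ports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { ports = (ports == "" ? $2 : ports " " $2) }
        END { print (ports == "" ? "22" : ports) }
    ' "$1"
}

# audit_sshd_config FILE -- returns 0 only if key-only login is enforced.
# The "yes" defaults are an assumption (upstream OpenSSH behaviour).
audit_sshd_config() {
    rc=0
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    ki=$(effective_value "$1" 'challengeresponseauthentication|kbdinteractiveauthentication' yes)
    pk=$(effective_value "$1" 'pubkeyauthentication' yes)
    [ "$pw" = no ] || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    # With UsePAM, keyboard-interactive still accepts the account password.
    [ "$ki" = no ] || { echo "FAIL keyboard-interactive=$ki"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    echo "INFO ports: $(listen_ports "$1")"
    return "$rc"
}

# Constructed sample: key-only login on ports 22 and 8022.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'Port 8022' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

The firewall rule that blocks port 22 from outside is not visible in sshd_config and has to be checked on the firewall itself; `sshd -T` prints the effective configuration if the file uses includes or Match blocks.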