From: Brett Glass
Date: Wed, 02 Dec 2009 12:10:47 -0700
To: "Poul-Henning Kamp", Mike Tancsa
Cc: freebsd-security@freebsd.org, Mohd Fazli Azran
Subject: Re: Increase in SSH attacks as of announcement of rtld bug
Message-Id: <200912030423.VAA04903@lariat.net>
In-Reply-To: <18401.1259761888@critter.freebsd.dk>

At 06:51 AM 12/2/2009, Poul-Henning Kamp wrote:

>A very efficient measure: Move your sshd to another port number.

This helps. However, I'd like to try single packet authentication, as it would likely work even better. (It's possible to find an SSH daemon on an unusual port with a port scan.) And it would have the advantage that it could be integrated directly into SSH daemons and clients.

--Brett Glass