Date: Thu, 9 Jun 2005 08:56:33 -0500
From: "John Brooks" <john@day-light.com>
To: "Marcin Jessa" <lists@yazzy.org>
Cc: freebsd-isp@freebsd.org
Subject: RE: inbound ssh ceased on 4 servers at same time
Message-ID: <NHBBKEEMKJDINKDJBJHGMEFFJCAD.john@day-light.com>
In-Reply-To: <20050609153856.2e349f42.lists@yazzy.org>

All traffic must pass thru the firewall in order to reach the inside
network. There are no nat redirect rules for port 22, so all port 22
traffic is intercepted by the firewall. The only way to reach interior
hosts is to specifically log onto the firewall and from the firewall
ssh into the interior hosts. On some of my networks the firewall will
only accept traffic from specific hosts, dropping all others.

(sshd is running on all hosts)

All of my firewalls are running hardened versions of OpenBSD. All of
the servers behind the firewalls are running FreeBSD.

--
John Brooks
john@day-light.com

> -----Original Message-----
> From: Marcin Jessa [mailto:lists@yazzy.org]
> Sent: Thursday, June 09, 2005 8:39 AM
> To: john@day-light.com
> Cc: freebsd-isp@freebsd.org
> Subject: Re: inbound ssh ceased on 4 servers at same time
>
>
> Hi John, guys.
>
> On Sat, 4 Jun 2005 13:14:28 -0500
> "John Brooks" <john@day-light.com> wrote:
>
> > Thanks, sounds good to do on the outward facing firewall. These
> > four freebsd boxes are protected behind an openbsd firewall so
> > none of the brute-force sshd attacks have ever reached them.
>
> How do you filter those brute-force attacks?
> Do you check existence of users on the actual server running sshd ?
> I get hundreds of those attacks every day.
>
> Cheers,
> Marcin Jessa.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NHBBKEEMKJDINKDJBJHGMEFFJCAD.john>
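
The layout described in the message above, sketched as a pf.conf fragment. This is an added example, not John Brooks's configuration or anything posted in the thread; it assumes the OpenBSD firewall uses pf with current rule syntax, and the interface names, addresses, the `ssh_admins` table and the port 80 redirect are constructed placeholders.

```pf
# Constructed example. All names and addresses below are assumptions
# (documentation address ranges), not values from the thread.
ext_if  = "em0"              # outward-facing interface
int_if  = "em1"              # interface toward the inside network
int_net = "192.0.2.0/24"     # inside network (FreeBSD servers)
web_srv = "192.0.2.20"       # hypothetical interior web server

# Hosts permitted to open an ssh session to the firewall itself.
table <ssh_admins> persist { 198.51.100.10, 198.51.100.11 }

set skip on lo

# Default deny: anything not explicitly passed below is dropped and logged.
block drop log all

# First hop: ssh terminates on the firewall, and only for listed hosts.
# Every other source falls through to the block rule above.
pass in on $ext_if inet proto tcp from <ssh_admins> to ($ext_if) port 22

# A redirect for another service, shown only for contrast.
pass in on $ext_if inet proto tcp from any to ($ext_if) port 80 \
    rdr-to $web_srv

# Deliberately no rdr-to rule for port 22: inbound ssh is never forwarded
# to an interior host, so password guessing from outside cannot reach the
# sshd instances running there.

# Second hop: sessions the firewall itself opens to interior sshd.
pass out on $int_if inet proto tcp from ($int_if) to $int_net port 22

# Redirected web traffic leaving toward the interior server.
pass out on $int_if inet proto tcp from any to $web_srv port 80
```

A ruleset like this can be syntax-checked without loading it by running `pfctl -nf` on the file.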
