Date: Fri, 14 Feb 2020 15:34:03 -0500 From: Mike Kelly <pioto@pioto.org> To: Joey Kelly <joey@joeykelly.net> Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org Subject: Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd Message-ID: <CAFb0Ns%2BsjAizDdu5FVEM-MJOVmmzGvW8Xu2HSUynKSWc3zBRxw@mail.gmail.com> In-Reply-To: <4627295.A1yGqSNMk2@deborah> References: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com> <4627295.A1yGqSNMk2@deborah>
next in thread | previous in thread | raw e-mail | index | archive | help
security/py-fail2ban in ports is a good alternative. Can be combined with pf and the like to have a similar effect. On Fri, Feb 14, 2020, 3:27 PM Joey Kelly <joey@joeykelly.net> wrote: > On Friday, February 14, 2020 01:18:44 PM Ed Maste wrote: > > Upstream OpenSSH-portable removed libwrap support in version 6.7, > > released in October 2014. We've maintained a patch in our tree to > > restore it, but it causes friction on each OpenSSH update and may > > introduce security vulnerabilities not present upstream. It's (past) > > time to remove it. > > > So color me ignorant, but how does this affect things like DenyHosts? Or > is > there an in-application way to block dictionary attacks? I can't go back > to > having my servers pounded on day and night (and yes, I listed on an > alternative port). > > -- > Joey Kelly > Minister of the Gospel and Linux Consultant > http://joeykelly.net > 504-239-6550 > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFb0Ns%2BsjAizDdu5FVEM-MJOVmmzGvW8Xu2HSUynKSWc3zBRxw>