From owner-freebsd-questions@FreeBSD.ORG  Tue Nov  4 11:53:03 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4E461647
 for <freebsd-questions@freebsd.org>; Tue,  4 Nov 2014 11:53:03 +0000 (UTC)
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0CB3D251
 for <freebsd-questions@freebsd.org>; Tue,  4 Nov 2014 11:53:02 +0000 (UTC)
Received: from list by plane.gmane.org with local (Exim 4.69)
 (envelope-from <freebsd-questions@m.gmane.org>) id 1XlcfM-0000lQ-9U
 for freebsd-questions@freebsd.org; Tue, 04 Nov 2014 12:52:52 +0100
Received: from vps.jonz.net ([216.17.42.59])
 by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <freebsd-questions@freebsd.org>; Tue, 04 Nov 2014 12:52:52 +0100
Received: from SPAM_TRAP_gmane by vps.jonz.net with local (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <freebsd-questions@freebsd.org>; Tue, 04 Nov 2014 12:52:52 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-questions@freebsd.org
From: Jonesy <SPAM_TRAP_gmane@jonz.net>
Subject: Re: sshguard pf
Date: Tue, 4 Nov 2014 11:52:40 +0000 (UTC)
Lines: 17
Message-ID: <slrnm5hfga.1ngf.SPAM_TRAP_gmane@vps.jonz.net>
References: <20141102154444.GA42429@ymer.thorshammare.org>
 <54581F0E.4080404@a1poweruser.com>
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: vps.jonz.net
User-Agent: slrn/1.0.1 (FreeBSD)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2014 11:53:03 -0000

On Tue, 04 Nov 2014 08:34:22 +0800, Fbsd8 wrote:
>
> You are being attacked by script kiddies and bots, they scan a whole ip 
> address range looking for open port 22 and when its found they start 
> their login attack. 

> Changing ssh to use some other port number will stop 
> this attack all together. I changed ssh to use port '4422' 25 years ago 
> and no attacks since. 

+1

I changed the ssh port number here several years ago and the problem 
went from 50-100 per day (even _with_ sshguard) to zero, zip, zilch.

Jonesy