Date:      Thu, 9 Jun 2005 16:35:04 +0200
From:      Marcin Jessa <lists@yazzy.org>
To:        john@day-light.com
Cc:        freebsd-isp@freebsd.org
Subject:   Re: inbound ssh ceased on 4 servers at same time
Message-ID:  <20050609163504.45737ba4.lists@yazzy.org>
In-Reply-To: <NHBBKEEMKJDINKDJBJHGMEFFJCAD.john@day-light.com>
References:  <20050609153856.2e349f42.lists@yazzy.org> <NHBBKEEMKJDINKDJBJHGMEFFJCAD.john@day-light.com>

Hi.

I know of a patch which locks out ssh users after X unsuccessful attempts (with the possibility of whitelisting). I think the guys from pfsense use it or at least have that patch somewhere.
I thought OpenBSD had an option in sshd and/or pf for that as well.
Thanks for the answer, John.

Cheers,
Marcin.



On Thu, 9 Jun 2005 08:56:33 -0500
"John Brooks" <john@day-light.com> wrote:

> All traffic must pass thru the firewall in order to reach the
> inside network. There are no nat redirect rules for port 22, so
> all port 22 traffic is intercepted by the firewall. The only
> way to reach interior hosts is to specifically log onto the firewall
> and from the firewall ssh into the interior hosts. 
> 
> On some of my networks the firewall will only accept traffic from 
> specific hosts, dropping all others. (sshd is running on all hosts)
> All of my firewalls are running hardened versions of OpenBSD. All
> of the servers behind the firewalls are running FreeBSD.
> 
> --
> John Brooks
> john@day-light.com 
> 
> > -----Original Message-----
> > From: Marcin Jessa [mailto:lists@yazzy.org]
> > Sent: Thursday, June 09, 2005 8:39 AM
> > To: john@day-light.com
> > Cc: freebsd-isp@freebsd.org
> > Subject: Re: inbound ssh ceased on 4 servers at same time
> > 
> > 
> > Hi John, guys.
> > 
> > On Sat, 4 Jun 2005 13:14:28 -0500
> > "John Brooks" <john@day-light.com> wrote:
> > 
> > > Thanks, sounds good to do on the outward facing firewall. These
> > > four freebsd boxes are protected behind an openbsd firewall so
> > > none of the brute-force sshd attacks have ever reached them.
> > 
> > How do you filter those brute-force attacks?
> > Do you check the existence of users on the actual server running sshd?
> > I get hundreds of those attacks every day.
> > 
> > Cheers,
> > Marcin Jessa.
> > 
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
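The lockout-after-X-failures-with-whitelist behaviour discussed in this thread, written out as a small log-driven detector. This is an added example, not code from the thread, from pfsense, or from OpenBSD's sshd/pf; the auth.log lines are constructed, and the threshold of 3 and the whitelisted 198.51.100.0/24 network are assumptions. It only builds the pfctl command string and does not run it.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in the OpenSSH syslog format seen on FreeBSD/OpenBSD.
SAMPLE_LOG = """\
Jun  9 15:01:02 gw sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jun  9 15:01:04 gw sshd[4123]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Jun  9 15:01:05 gw sshd[4125]: Failed password for root from 203.0.113.7 port 40141 ssh2
Jun  9 15:01:07 gw sshd[4127]: Failed password for invalid user oracle from 203.0.113.7 port 40150 ssh2
Jun  9 15:02:10 gw sshd[4131]: Failed password for john from 198.51.100.5 port 51000 ssh2
Jun  9 15:02:14 gw sshd[4132]: Accepted publickey for john from 198.51.100.5 port 51001 ssh2
Jun  9 15:03:00 gw sshd[4140]: Failed password for invalid user guest from 192.0.2.9 port 33001 ssh2
Jun  9 15:03:01 gw sshd[4141]: Failed password for invalid user guest from 192.0.2.9 port 33002 ssh2
Jun  9 15:03:02 gw sshd[4142]: Failed password for invalid user guest from 192.0.2.9 port 33003 ssh2
Jun  9 15:03:03 gw sshd[4143]: Failed password for invalid user guest from 192.0.2.9 port 33004 ssh2
"""

# Matches both "Failed password for invalid user NAME from ADDR" and
# "Failed password for NAME from ADDR"; accepted logins never match.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[0-9a-fA-F.:]+) port \d+"
)

def count_failures(log_text):
    """Count failed-password events per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("src")] += 1
    return counts

def offenders(log_text, threshold=3, whitelist=("198.51.100.0/24",)):
    """Sources with at least `threshold` failures that are not in a whitelisted network.

    threshold and whitelist are assumed values; tune them to the site."""
    allowed = [ip_network(n) for n in whitelist]
    hits = count_failures(log_text)
    return sorted(
        src for src, n in hits.items()
        if n >= threshold and not any(ip_address(src) in net for net in allowed)
    )

def pfctl_command(addrs, table="bruteforce"):
    """Build, but do not execute, the pfctl command that adds addrs to a pf table."""
    return "pfctl -t %s -T add %s" % (table, " ".join(addrs))
```

A rule such as `block in quick from <bruteforce>` in pf.conf would then drop the listed sources, and a whitelisted admin host that mistypes a password is never added.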