From owner-freebsd-isp@FreeBSD.ORG Thu Jun 9 14:35:08 2005
Date: Thu, 9 Jun 2005 16:35:04 +0200
From: Marcin Jessa
To: john@day-light.com
Cc: freebsd-isp@freebsd.org
Subject: Re: inbound ssh ceased on 4 servers at same time
Message-Id: <20050609163504.45737ba4.lists@yazzy.org>
References: <20050609153856.2e349f42.lists@yazzy.org>
Organization: YazzY.org
X-Mailer: Sylpheed version 1.0.4 (GTK+ 1.2.10; i386-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
List-Id: Internet Services Providers

Hi.

I know of a patch which locks out ssh users after X unsuccessful attempts (with possibility of whitelisting).
I think the guys from pfsense use it or at least have that patch somewhere.
I thought OpenBSD had an option in sshd and/or pf for that as well.

Thanks for the answer, John.

Cheers,
Marcin.

On Thu, 9 Jun 2005 08:56:33 -0500
"John Brooks" wrote:

> All traffic must pass thru the firewall in order to reach the
> inside network. There are no nat redirect rules for port 22, so
> all port 22 traffic is intercepted by the firewall. The only
> way to reach interior hosts is to specifically log onto the firewall
> and from the firewall ssh into the interior hosts.
>
> On some of my networks the firewall will only accept traffic from
> specific hosts, dropping all others. (sshd is running on all hosts)
> All of my firewalls are running hardened versions of OpenBSD. All
> of the servers behind the firewalls are running FreeBSD.
>
> --
> John Brooks
> john@day-light.com
>
> > -----Original Message-----
> > From: Marcin Jessa [mailto:lists@yazzy.org]
> > Sent: Thursday, June 09, 2005 8:39 AM
> > To: john@day-light.com
> > Cc: freebsd-isp@freebsd.org
> > Subject: Re: inbound ssh ceased on 4 servers at same time
> >
> >
> > Hi John, guys.
> >
> > On Sat, 4 Jun 2005 13:14:28 -0500
> > "John Brooks" wrote:
> >
> > > Thanks, sounds good to do on the outward facing firewall. These
> > > four freebsd boxes are protected behind an openbsd firewall so
> > > none of the brute-force sshd attacks have ever reached them.
> >
> > How do you filter those brute-force attacks?
> > Do you check existence of users on the actual server running sshd?
> > I get hundreds of those attacks every day.
> >
> > Cheers,
> > Marcin Jessa.
> >
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
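The lockout-after-X-failures-with-whitelist behaviour Marcin describes, as an added example that is not from this thread nor from any patch or project mentioned in it: a small Python detector over constructed FreeBSD-style sshd log lines that counts failures per source inside a sliding window, skips a whitelisted management net, and builds the pfctl commands that would add offenders to a pf table. The whitelist, threshold, window, table name and all addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
# Hypothetical policy: the management net is never locked out; any other source
# is locked out after THRESHOLD failed logins inside a sliding WINDOW (seconds).
WHITELIST = [ip_network("192.0.2.0/24")]
THRESHOLD, WINDOW = 3, 600
# sshd "Failed password" lines as syslog writes them (timestamp carries no year).
FAILED_RE = re.compile(r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                       r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)")

def lockout_candidates(lines):
    """{source_ip: total_failures} for non-whitelisted sources hitting THRESHOLD within one WINDOW."""
    failures = defaultdict(list)
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated messages are ignored
        ip = ip_address(m["ip"])
        if any(ip in net for net in WHITELIST):
            continue  # whitelisted: never counted, never blocked
        # year-less parse (defaults to 1900); only differences between stamps matter here
        failures[ip].append(datetime.strptime(m["ts"], "%b %d %H:%M:%S"))
    locked = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > WINDOW:
                start += 1  # drop failures that fell out of the window
            if end - start + 1 >= THRESHOLD:
                locked[str(ip)] = len(times)
                break
    return locked

def pfctl_commands(locked, table="bruteforce"):
    """pfctl invocations that would add offenders to a pf table (built here, not executed)."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(locked)]

# Constructed sample lines in FreeBSD /var/log/auth.log style.
SAMPLE_LOG = """\
Jun  9 14:20:01 gw sshd[4021]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Jun  9 14:20:03 gw sshd[4023]: Failed password for root from 198.51.100.23 port 40130 ssh2
Jun  9 14:20:05 gw sshd[4025]: Failed password for invalid user test from 198.51.100.23 port 40141 ssh2
Jun  9 14:22:10 gw sshd[4033]: Failed password for marcin from 192.0.2.11 port 51010 ssh2
Jun  9 14:22:12 gw sshd[4035]: Failed password for marcin from 192.0.2.11 port 51011 ssh2
Jun  9 14:22:14 gw sshd[4037]: Failed password for marcin from 192.0.2.11 port 51012 ssh2
Jun  9 08:00:00 gw sshd[3001]: Failed password for root from 203.0.113.50 port 3333 ssh2
Jun  9 09:00:00 gw sshd[3002]: Failed password for root from 203.0.113.50 port 3334 ssh2
Jun  9 10:00:00 gw sshd[3003]: Failed password for root from 203.0.113.50 port 3335 ssh2
""".splitlines()
```

Only the fast burst from 198.51.100.23 is locked out: the whitelisted 192.0.2.11 is never counted, and the hourly failures from 203.0.113.50 never fit inside one window.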