From: krad
To: jruohonen@iki.fi, freebsd-hackers@freebsd.org
Date: Sat, 3 Oct 2009 11:03:29 +0100
Subject: Re: Distributed SSH attack
List-Id: Technical Discussions relating to FreeBSD

2009/10/3 Jukka Ruohonen

> On Fri, Oct 02, 2009 at 05:17:59PM -0400, Greg Larkin wrote:
> > You could set up DenyHosts and contribute to the pool of IPs that are
> > attempting SSH logins on the Net:
> > http://denyhosts.sourceforge.net/faq.html#4_0
>
> While I am well aware that a lot of people use DenyHosts or some equivalent
> tool, I've always been somewhat skeptical about these tools. Few issues:
>
> 1. Firewalls should generally be as static as is possible. There is a reason
>    why high securelevel prevents modifications to firewalls.
>
> 2. Generally you do not want some parser to modify your firewall rules.
>    Parsing log entries created by remote unauthenticated users as root is
>    never a good idea.
>
> 3. Doing (2) increases the attack surface.
>
> 4. There have been well-documented cases where (3) has opened opportunities
>    for both remote and local DoS.
>
> Two cents, as they say,
>
> Jukka.

Simplest thing to do is disable password auth, and use key based.
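
An added example, not part of the thread: a small audit that checks whether an sshd_config really is key-only, since keyboard-interactive (challenge-response) authentication through PAM can still accept passwords when only PasswordAuthentication is set to no. The function names are hypothetical, only the global section is read (Match blocks are not evaluated), and an unset keyword is treated as enabled.

```sh
#!/bin/sh
# Added example (not from the thread): verify an sshd_config is key-only.

# Print the first value set for a keyword (or an alias list "a|b") in the
# global section; sshd keeps the first value it reads for each keyword.
# Parsing stops at the first Match block, which is not evaluated here.
effective_value() {
    awk -v want="$2" '
        BEGIN { val = "unset" }
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }  # allow key=value
        key == "match" { exit }
        val == "unset" && key ~ ("^(" want ")$") { val = tolower($2) }
        END { print val }
    ' "$1"
}

# Return 0 only if password-style logins are off and public keys are on.
# Assumption: an unset password-related keyword counts as enabled, because
# built-in defaults differ between OpenSSH builds.
audit_sshd_config() {
    pw=$(effective_value "$1" 'passwordauthentication')
    kbd=$(effective_value "$1" 'kbdinteractiveauthentication|challengeresponseauthentication')
    pk=$(effective_value "$1" 'pubkeyauthentication')
    rc=0
    if [ "$pw" != no ]; then echo "FAIL PasswordAuthentication=$pw"; rc=1; fi
    if [ "$kbd" != no ]; then
        echo "FAIL KbdInteractiveAuthentication=$kbd (PAM can still prompt for a password)"
        rc=1
    fi
    if [ "$pk" = no ]; then echo "FAIL PubkeyAuthentication=no (no login method left)"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK key-only"; fi
    return "$rc"
}

# Constructed sample: password auth disabled, keyboard-interactive left unset.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample, not a real host's config
PasswordAuthentication no
#ChallengeResponseAuthentication yes
UsePAM yes
EOF
audit_sshd_config "$demo" || true
rm -f "$demo"
```

On a live host, `sshd -T` prints the effective configuration, including defaults, and is the authoritative check.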