Date:      Sat, 3 Oct 2009 23:56:54 +0930
From:      "Daniel O'Connor" <doconnor@gsoft.com.au>
To:        freebsd-hackers@freebsd.org
Cc:        jruohonen@iki.fi, krad <kraduk@googlemail.com>
Subject:   Re: Distributed SSH attack
Message-ID:  <200910032357.02207.doconnor@gsoft.com.au>
In-Reply-To: <d36406630910030303j2e88046epa30f2a76b9ae1507@mail.gmail.com>
References:  <20091002201039.GA53034@flint.openpave.org> <20091003081335.GA19914@marx.net.bit> <d36406630910030303j2e88046epa30f2a76b9ae1507@mail.gmail.com>

On Sat, 3 Oct 2009, krad wrote:
> simplest thing to do is disable password auth, and use key based.

Your logs are still full of crap though.

I find sshguard works well, and I am fairly sure you couldn't spoof a 
valid TCP connection through pf sanitising so it would be difficult 
(nigh-impossible?) for someone to cause you to block a legit IP.

If you can, changing the port sshd runs on is by far the simplest 
workaround. Galling as it is to have to change stuff to work around 
malicious assholes..

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
