Date: Sat, 3 Oct 2009 23:56:54 +0930
From: "Daniel O'Connor" <doconnor@gsoft.com.au>
To: freebsd-hackers@freebsd.org
Cc: jruohonen@iki.fi, krad <kraduk@googlemail.com>
Subject: Re: Distributed SSH attack
Message-ID: <200910032357.02207.doconnor@gsoft.com.au>
In-Reply-To: <d36406630910030303j2e88046epa30f2a76b9ae1507@mail.gmail.com>
References: <20091002201039.GA53034@flint.openpave.org> <20091003081335.GA19914@marx.net.bit> <d36406630910030303j2e88046epa30f2a76b9ae1507@mail.gmail.com>

On Sat, 3 Oct 2009, krad wrote:
> simplest thing to do is disable password auth, and use key based. Your logs are still full of crap though.

I find sshguard works well, and I am fairly sure you couldn't spoof a valid TCP connection through pf sanitising so it would be difficult (nigh-impossible?) for someone to cause you to block a legit IP.

If you can, changing the port sshd runs on is by far the simplest workaround. Galling as it is to have to change stuff to work around malicious assholes..

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C