Date:      Tue, 4 Nov 2014 20:36:52 +0100
From:      Charlie Root <root@ymer.thorshammare.org>
To:        Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: sshguard pf
Message-ID:  <20141104193652.GA3062@ymer.thorshammare.org>
In-Reply-To: <44vbmv6kyp.fsf@lowell-desk.lan>
References:  <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org> <44vbmv6kyp.fsf@lowell-desk.lan>

On Tue, Nov 04, 2014 at 10:31:42AM -0500, Lowell Gilbert wrote:
> Hasse Hansson <hasse@thorshammare.org> writes:
>
> > I'm aware of changing port for ssh, but I see it as a little bit of "giving up"
> > Gotta be some rather easy way of just blocking those attacks. Other than blocking
> > whole of CN and half of Asia. I've tried that too. It stopped the attacks and gave
> > me some room to think it over.
>
> Changing the port won't help you avoid attacks that might succeed, but
> it will substantially reduce the clutter that you need to look through.
>
> I don't do it because I've had problems with paranoid networks blocking
> everything but a few special ports, where ssh is one of the allowed
> ones, but I don't know if anybody's still doing anything that silly.
>
> > But I still wonder why sshguard or pf don't block those attacks.
> > sshguard does its job on other probes, but not the root logins. PF doesn't seem
> > to do much at all.
>
> Firewalls won't help detect the attack. They can be used to keep someone
> out once the attack has been detected. I don't know sshguard, so I can't
> tell you why it isn't working for you, but there certainly are ports
> that can do so. I use bruteblock, for example, but I know there are
> several other options that do the same thing.

Thank you all for your answers and effort to help.

I'm interested in trying out bruteblock, but a little bit confused (not unusual).

Does "bruteblock" require me to run ipfw2 as my firewall?
<snip from pkg-descr>
Bruteblock is written in pure C, doesn't use any
external programs and work with ipfw2 tables via raw sockets API.
</snip>

/hasse
