From: "fbsd_user"
Reply-To: fbsd_user@a1poweruser.com
To: "nawcom"
Date: Fri, 31 Mar 2006 10:38:43 -0500
Subject: RE: ipfw secure setup for ssh bruteforcers

The fact of life is that script kiddies and robots roll through ranges of IP addresses looking for open ssh ports and then mount an attack. There is nothing you can do about this except change the port number ssh uses to some high port number so they do not find you. Here is a document that explains how to do that in detail.

http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.docs.software/books/ssh_how-to/cover.html

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of nawcom
Sent: Tuesday, March 28, 2006 2:12 PM
To: freebsd-questions@freebsd.org
Subject: ipfw secure setup for ssh bruteforcers

I have a pretty good setup with ipfw, and there's always dickheads constantly trying to get in - mostly through old Microsoft and ssh1/2 exploits with certain usernames and passwords. I pretty much add their IP to a protected ban list (after 5 tries) which bans them from the entire server.

From any professionals, what is the most effective technique that I should use to take care of these kiddies other than a complete ban? Is my technique good or is it oversecure? An admin said that doing this can be bad, especially when the kiddy is connected to a large network like a company or university; I may block other people who aren't guilty of the act (which makes sense).

I use the up-to-date ssh, so any exploits are either patched up or will be patched when they're discovered, so holes in the program shouldn't be an issue.

Any replies would be wonderful,

Thanks,
Ben

--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --- Benjamin Franklin
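
The ban-after-5-tries list described in the original question, as an added example that is not part of the thread or anyone's actual setup: it counts sshd "Failed password" lines per source address inside a time window, skips an allow-list (for the shared company or university gateway case raised above), and renders ipfw table additions. The 10-minute window, table number 1, the deny rule mentioned in the docstring, the function names and the sample log lines are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd "Failed password" line in syslog format; captures timestamp and source IP.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+"
)

def offenders(log_text, threshold=5, window=timedelta(minutes=10), allow=(), year=2006):
    """Return sorted IPs with at least `threshold` failures inside one time window.

    `allow` holds addresses that must never be banned (e.g. a shared campus or
    office gateway); syslog lines carry no year, so `year` is supplied.
    """
    recent = defaultdict(list)   # ip -> timestamps still inside the window
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in allow:
            continue
        ip = m.group(2)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= threshold:
            flagged.add(ip)
    return sorted(flagged)

def ipfw_commands(ips, table=1):
    """Render table additions; assumes a rule like
    `ipfw add deny ip from 'table(1)' to any` already references the table."""
    return [f"ipfw table {table} add {ip}" for ip in ips]

def _line(hhmm, ip):
    # Constructed sample line (documentation-range addresses), not real log data.
    return (f"Mar 28 {hhmm}:00 gw sshd[411]: Failed password for "
            f"invalid user admin from {ip} port 4021 ssh2")

SAMPLE_LOG = "\n".join(
    [_line(f"14:0{i}", "203.0.113.7") for i in range(5)]             # 5 tries in 5 minutes
    + [_line(f"{9 + i:02d}:00", "198.51.100.20") for i in range(5)]  # 5 tries, one per hour
    + [_line(f"15:0{i}", "192.0.2.10") for i in range(6)]            # burst from allow-listed host
)

if __name__ == "__main__":
    for cmd in ipfw_commands(offenders(SAMPLE_LOG, allow={"192.0.2.10"})):
        print(cmd)
```

Because the window is applied per address, the host that fails once an hour is never banned even though it reaches five failures in total.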