Date: Fri, 22 Aug 2008 10:01:09 +1000 From: Norberto Meijome <freebsd@meijome.net> To: freebsd-stable@freebsd.org Subject: Re: machine hangs on occasion - correlated with ssh break-in attempts Message-ID: <20080822100109.2a85c431@ayiin> In-Reply-To: <20080821200309.GA19634@eos.sc1.parodius.com> References: <48ADA81E.7090106@aldan.algebra.com> <20080821200309.GA19634@eos.sc1.parodius.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 21 Aug 2008 13:03:09 -0700
Jeremy Chadwick <koitsu@FreeBSD.org> wrote:
> A different approach: consider putting sshd on a different port, rather
> than the default of 22. A lot of people I know do this, solely to
> decrease the number of brute-force attempts you see above; I've never
> seen any of those brute-force attacking programs portscan, then attack
> against a port which returns a OpenSSH string.
+1 - obscurity definitely doesn't ADD to security , but it removes all the noise from your system.
Alternatively, you try port knocking ;)
> Finally, consider moving to pf instead, if you really feel ipfw is
> what's causing your machine to crash. You might be pleasantly surprised
> by the syntax, and overall administrative usability (it is significantly
> superior to ipfw, IMHO).
+1
_________________________
{Beto|Norberto|Numard} Meijome
If Bill Gates had a dollar for every time a Windows box crashed...
.. Oh, wait a minute, he already does.
I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080822100109.2a85c431>