Date: Mon, 12 Feb 2007 22:04:43 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Robert C Wittig" <wittig.robert@sbcglobal.net>, <freebsd-questions@freebsd.org>
Subject: Re: Opening and Closing ports
Message-ID: <000401c74f34$dbbd52e0$3c01a8c0@coolf89ea26645>
References: <45CEC7A4.7030802@ephgroup.com> <45D0E1E9.1090301@sbcglobal.net>
----- Original Message -----
From: "Robert C Wittig" <wittig.robert@sbcglobal.net>
To: <freebsd-questions@freebsd.org>
Sent: Monday, February 12, 2007 1:53 PM
Subject: Re: Opening and Closing ports

> Dave Carrera wrote:
> > Hi All,
> >
> > Had a little nasty person trying to break my sshd on port 22.
> >
> > I need to change and open a new port for sshd but I do not know how.
> >
> > Can one of you kind people help me with this please.
> >
> > Many kind regards
> >
>
> Instead of changing the sshd port, I set a PF rule that only permits
> port 22 logins from a specific list of IP addresses, where I expect ssh
> logins from.
>
> This would definitely not work on a production machine, with a lot of
> people logging in from random IP's,

Au contraire! We are finding with production systems that the cracking
attacks are getting so bad that we are starting to recommend to corporate
customers that they do exactly that!

These days when we set up a new corporate network there's only ONE port on
the firewall that is open to the outside - the VPN port, whatever that may
be (usually IPsec VPNs, but MS PPTP is also still quite popular). Everything
else is restricted to a specified source IP number. Any road warriors out
there either have to VPN in then go to where they want, or they have to be
coming from a static IP number.

Their websites are never hosted on inside servers. Either they are hosted
at our NOC or they are on a DMZ network that is outside their LAN, and the
website carries nothing of value on it - because the expectation is that
ultimately it will be broken into and destroyed by a cracker.

Ted
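What Robert and Ted describe, written out as a minimal FreeBSD pf.conf: default-deny inbound, the VPN as the only service reachable from anywhere, and sshd still on port 22 but answered only for a table of known source addresses. This is an added illustration, not a ruleset posted in the thread; the interface name em0, the table name <admin_hosts> and the addresses in it (RFC 5737 documentation ranges) are placeholders to be replaced with your own.

```pf
# /etc/pf.conf - added example, not from the original mailing-list post.
# Assumed: em0 is the Internet-facing interface; the addresses in
# <admin_hosts> are placeholders for the offices/static IPs you trust.

ext_if = "em0"
table <admin_hosts> persist { 192.0.2.10, 198.51.100.0/24 }

set skip on lo0
set block-policy drop

# Default deny on the outside interface; log what gets dropped so the
# brute-force attempts Dave saw show up in pflog instead of auth.log.
block in log on $ext_if
pass out on $ext_if keep state

# The ONE service open to the world: the VPN.
# IPsec needs IKE (udp/500), NAT-T (udp/4500) and the ESP protocol itself.
pass in on $ext_if inet proto udp to ($ext_if) port { 500, 4500 } keep state
pass in on $ext_if inet proto esp to ($ext_if)
# If the VPN is MS PPTP instead, use these two lines in place of the IPsec ones:
# pass in on $ext_if inet proto tcp to ($ext_if) port 1723 flags S/SA keep state
# pass in on $ext_if inet proto gre to ($ext_if)

# sshd keeps listening on 22, but only the listed sources ever reach it;
# every other source address falls through to the block rule above.
pass in on $ext_if inet proto tcp from <admin_hosts> to ($ext_if) port 22 \
    flags S/SA keep state
```

Syntax-check with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and do the first load from the console or a VPN session rather than over the ssh connection you are about to restrict, since a mistake in <admin_hosts> locks you out. Because the table is `persist`, a new road-warrior address can be admitted at runtime with `pfctl -t admin_hosts -T add 203.0.113.5` without reloading the ruleset; from any address not in the table, port 22 should show no response at all (drop, not reject), which is the point of `set block-policy drop`.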