From: Alexander Mogilny <sg@sg.org.ua>
Date: Mon, 15 Jan 2007 21:19:01 +0200
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Please Help! How to STOP them...
Message-Id: <7B81A774-5A00-4D56-8363-3F7E96F0EECA@sg.org.ua>
In-Reply-To: <200701151705.l0FH5Utj085225@lurza.secnetix.de>
List-Id: User questions <freebsd-questions@freebsd.org>

On 15 Jan. 2007, at 19:05, Oliver Fromme wrote:

> Gerard Seibert wrote:
>> Reko Turja wrote:
>>> Moving your sshd port somewhere else than 22 - the prepackaged
>>> "cracking" programs don't scan ports, just blindly try out the default
>>> port - with a determined/skilled attacker it's a different matter entirely
>>> though.
>>
>> Security through Obscurity is not true security at all. You are simply
>> assuming that other ports are not being scanned.
>
> I don't think he's assuming that. He is just suggesting an
> effective solution to the problem that hundreds of failed
> login attempts are filling the OP's logs and cron mails.
> He didn't claim that it increases security.
>
> In fact, I would also recommend moving the ssh service
> from port 22 to a different, non-standard port if possible.
> If you want, you can even have the sshd daemon listen on
> _both_ port 22 _and_ your non-standard port 122, and limit
> access to port 22 to a few well-known IP addresses, using
> a packet filter. That way you diminish the usual "blind"
> attempts on port 22, but you can still log in using the
> non-standard port if you happen to come from an unknown
> IP address, so you don't lock yourself out.
>
> Of course, it is important to understand that changing
> the port number will not significantly increase security.
> However, it might give you a slight advance when yet
> another ssh security bug is discovered and exploits start
> circulating while you're asleep. Usually the first
> exploits are quick and dirty hacks which have port 22
> hardcoded, and most script kiddies who blindly scan
> random networks don't have enough clue to change it. ;-)
>
> Of course, you still need to patch or update your sshd
> as quickly as possible if necessary, and you still need
> to use good passwords, or -- even better -- don't use
> passwords at all, but use key-based authentication.
> Another thing that might be useful is one-time passwords
> (OPIE), especially when you're connecting from a foreign
> client such as a public terminal.
>
> Best regards
> Oliver

It is quite correct but too paranoid. You may consider trying to use
security/bruteblock or security/bruteforceblocker. These programs are very
easy to configure and give you notifications on ssh bruteforce attacks.

-- 
AIM-UANIC | AIM-RIPE   +-----[ FreeBSD ]-----+
Alexander Mogilny      | The Power to Serve! |
sg@sg.org.ua           +---------------------+
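The dual-port layout Oliver describes in the quoted message (sshd listening on both 22 and 122, with pf letting only a few trusted addresses reach 22), written out as an added example. This is not code from the original thread or from the FreeBSD project; the interface name em0, the trusted addresses (RFC 5737 documentation ranges) and the choice of 122 are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the original thread: sshd on ports 22 and 122,
# pf restricting port 22 to trusted sources. em0, the admin addresses and
# port 122 are assumptions chosen for illustration.

# Emit the sshd_config directives. sshd accepts several "Port" lines and
# binds each ListenAddress to every one of them, so no second daemon is
# needed. Key-only authentication follows Oliver's advice in the thread.
sshd_ports_config() {
    cat <<'EOF'
Port 22
Port 122
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
EOF
}

# Emit the pf.conf fragment. Order matters: pf takes the first matching
# "quick" rule, so the pass for trusted hosts on 22 must come before the
# block on 22. $1 = external interface, $2 = space-separated trusted
# addresses or CIDR blocks.
pf_ssh_rules() {
    ext_if=$1
    admins=$2
    cat <<EOF
ext_if = "$ext_if"
table <ssh_admins> const { $(echo $admins | sed 's/ /, /g') }

# Trusted sources may still use the standard port.
pass in quick on \$ext_if inet proto tcp from <ssh_admins> to (\$ext_if) port 22 flags S/SA keep state
# Everybody else is dropped on 22; this is what empties the log noise.
block in quick on \$ext_if inet proto tcp to (\$ext_if) port 22
# The non-standard port stays reachable from anywhere, so an unknown
# source address does not lock you out.
pass in quick on \$ext_if inet proto tcp to (\$ext_if) port 122 flags S/SA keep state
EOF
}

# Sanity check on a rule set read from stdin: the trusted-host pass on
# port 22 must precede the block on port 22, otherwise the block wins.
# Exit status 0 when the order is right.
pf_rule_order_ok() {
    awk '
        /^pass in quick/  && / port 22( |$)/ && !p { p = NR }
        /^block in quick/ && / port 22( |$)/ && !b { b = NR }
        END { exit !(p && b && p < b) }'
}

# Stand-alone run: print both fragments for em0 with two trusted sources.
sshd_ports_config
echo
pf_ssh_rules em0 "192.0.2.10 198.51.100.0/24"
```

Before loading anything, syntax-check the rules with `pfctl -nf /etc/pf.conf`, restart sshd first so port 122 is already listening, confirm a login on 122 works, and only then load the pf rules; a mistake in the filter then costs you nothing but a retry. `flags S/SA keep state` is spelled out because pf versions of that era did not make stateful filtering the default.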