Date:      Mon, 15 Jan 2007 21:19:01 +0200
From:      Alexander Mogilny <sg@sg.org.ua>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Please Help! How to STOP them...
Message-ID:  <7B81A774-5A00-4D56-8363-3F7E96F0EECA@sg.org.ua>
In-Reply-To: <200701151705.l0FH5Utj085225@lurza.secnetix.de>
References:  <200701151705.l0FH5Utj085225@lurza.secnetix.de>

On 15 Jan. 2007, at 19:05, Oliver Fromme wrote:

> Gerard Seibert wrote:
>> Reko Turja wrote:
>>> Moving your sshd port somewhere else than 22 - the prepackaged
>>> "cracking" programs don't scan ports, just blindly try out the default
>>> port - with determined/skilled attacker it's different matter entirely
>>> though.
>>
>> Security through Obscurity is not true security at all. You are simply
>> assuming that other ports are not being scanned.
>
> I don't think he's assuming that.  He is just suggesting an
> effective solution to the problem that hundreds of failed
> login attempts are filling the OP's logs and cron mails.
> He didn't claim that it increases security.
>
> In fact, I would also recommend moving the ssh service
> from port 22 to a different, non-standard port if possible.
> If you want, you can even have the sshd daemon listen on
> _both_ port 22 _and_ your non-standard port 122, and limit
> access to port 22 to a few well-known IP addresses, using
> a packet filter.  That way you diminish the usual "blind"
> attempts on port 22, but you can still login using the
> non-standard port if you happen to come from an unknown
> IP address, so you don't lock yourself out.
>
> Of course, it is important to understand that changing
> the port number will not significantly increase security.
> However, it might give you a slight advance when yet
> another ssh security bug is discovered and exploits start
> circulating while you're asleep.  Usually the first
> exploits are quick and dirty hacks which have port 22
> hardcoded, and most script kiddies who blindly scan
> random networks don't have enough clue to change it.  ;-)
>
> Of course, you still need to patch or update your sshd
> as quickly as possible if necessary, and you still need
> to use good passwords, or -- even better -- don't use
> passwords at all, but use key-based authentication.
> Another thing that might be useful is one-time passwords
> (OPIE), especially when you're connecting from a foreign
> client such as a public terminal.
>
> Best regards
>    Oliver

It is quite correct but too paranoid. You may consider trying to use
security/bruteblock or security/bruteforceblocker. These programs are
very easy to configure and give you notifications on ssh bruteforce
attacks.

-- 
AIM-UANIC | AIM-RIPE  +-----[ FreeBSD ]-----+
Alexander Mogilny     | The Power to Serve! |
<> sg@sg.org.ua       +---------------------+
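As an added example (not from the thread), here is how the two-port setup Oliver describes could be written for FreeBSD's pf, assuming sshd_config already carries both a `Port 22` and a `Port 122` line so sshd listens on both; the interface name and the trusted addresses are constructed placeholders. The overload table on port 122 is a pf-native complement to the log-watching ports named above: a source that hammers the non-standard port is cut off in the kernel.

```pf
# Added pf.conf fragment (example, not from the thread).
# Assumes sshd_config contains "Port 22" and "Port 122".
# em0 and the addresses below are constructed placeholders.
ext_if = "em0"
table <ssh_trusted> const { 192.0.2.10, 198.51.100.0/24 }   # known-good sources
table <ssh_bruteforce> persist                              # filled by overload

set skip on lo0
block in on $ext_if                                          # default deny inbound

# Port 22: only the trusted sources get through; blind attempts from
# anywhere else are dropped before sshd sees them, so they never reach the logs.
pass in quick on $ext_if proto tcp from <ssh_trusted> to ($ext_if) port 22 \
    flags S/SA keep state

# Port 122: reachable from any address (so you can't lock yourself out),
# but a source opening more than 5 connections per minute is moved into
# <ssh_bruteforce> and its existing states are flushed.
block in quick on $ext_if proto tcp from <ssh_bruteforce> to ($ext_if) port 122
pass in quick on $ext_if proto tcp from any to ($ext_if) port 122 \
    flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <ssh_bruteforce> flush global)
```

Parse the ruleset with `pfctl -nf /etc/pf.conf` and the sshd_config with `sshd -t` before reloading either, and keep an existing session open while you test so a mistake in the port 22 rule does not strand you.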
