From owner-freebsd-questions@FreeBSD.ORG  Mon Nov 13 20:25:46 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B092316A492
	for <freebsd-questions@freebsd.org>;
	Mon, 13 Nov 2006 20:25:46 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2F165440CC
	for <freebsd-questions@freebsd.org>;
	Mon, 13 Nov 2006 20:18:31 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [10.35.4.65] (65.4-35-10-static.chueca.wifi [10.35.4.65])
	by strange.daemonsecurity.com (Postfix) with ESMTP id 0FAE72E05C;
	Mon, 13 Nov 2006 21:18:26 +0100 (CET)
Message-ID: <4558D2A3.50904@locolomo.org>
Date: Mon, 13 Nov 2006 21:16:35 +0100
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 1.5.0.7 (X11/20061022)
MIME-Version: 1.0
To: "Leo L. Schwab" <ewhac@best.com>
References: <20061113060528.GA7646@best.com>
In-Reply-To: <20061113060528.GA7646@best.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Blocking SSH Brute-Force Attacks: What Am I Doing Wrong?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2006 20:25:46 -0000

Leo L. Schwab wrote:
> 	I recently installed FreeBSD 6.1 on my gateway.  It replaced an
> installation of FreeBSD 4.6.8 (fresh install, not an upgrade) on which I had
> disabled the SSH server.  Since all the bugs in SSH are fixed now ( :-) ), I
> thought I'd leave the server on, and am somewhat dismayed to discover that I
> now get occasional brute-force/dictionary attacks on the port.

Whichever service you have running, if you look in the log you will find 
attempts of attack, ssh is no different, it's a target.

Honestly, I wouldn't worry about it: review your config and make some 
simple choices to reduce the noise, see this article:

   http://www.securityfocus.com/infocus/1876

Rather than reposting myself - this issue is regularly debated, I think 
last time (or last time I participated) was debated 19-09-2006. Check 
the archive.

Cheers, Erik

-- 
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9