From owner-freebsd-security@FreeBSD.ORG  Sat Sep 18 16:38:40 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 717F016A50F
	for <freebsd-security@freebsd.org>;
	Sat, 18 Sep 2004 16:38:40 +0000 (GMT)
Received: from mail.xensia.net (colo1.xensia.net [217.158.173.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EFA1143D49
	for <freebsd-security@freebsd.org>;
	Sat, 18 Sep 2004 16:38:39 +0000 (GMT)
	(envelope-from listsucker@ipv5.net)
Received: from 81-174-3-174.f5.ngi.it ([81.174.3.174] helo=godzilla)
	by mail.xensia.net with asmtp (TLSv1:DES-CBC3-SHA:168)
	id 1C8iER-000PcN-00; Sat, 18 Sep 2004 17:38:39 +0100
Date: Sat, 18 Sep 2004 18:37:15 +0200
From: Frankye - ML <listsucker@ipv5.net>
To: freebsd-security@freebsd.org
Message-ID: <20040918183715.26098016@godzilla>
In-Reply-To: <20040918142955.61586.qmail@web51007.mail.yahoo.com>
References: <20040918161431.53a63dd3@godzilla>
	<20040918142955.61586.qmail@web51007.mail.yahoo.com>
X-Mailer: Sylpheed-Claws 0.9.12a (GTK+ 1.2.10; i386-portbld-freebsd4.10)
X-Face: =3I@Jvohf91[b8M]~KUNFaCt}pnTO2K^E#_P4`uCU]D"pHw<vv.g[XV?Zpoi"<2\iSqtx8mg!7,l,"Fw+yCvy[a&<$zz=zGwFX0d4QIxc-e}"VNP-/=W`*P4mM2tYl;s"b=.dOsO3?zC==4G}GWr7-EZxIcVm^6snu=b<'A_g?!)eS~JFGthz?vhiuiFfkl!M?T}m-D*=R
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: Attacks on ssh port
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Sep 2004 16:38:40 -0000

On Sun, 19 Sep 2004 00:29:55 +1000 (EST)
Chris Ryan <chrisryanemail@yahoo.com.au> wrote:

|  > 
| > I've just moved the public port of the sshd on
| > another port, quite lame
| > but at least I'm not bothered by worms :)
| 
| 
| i believe this has to be one of the simplest ways of
| stopping incoming ssh attacks.

Of course, this is just to stop mindless (and quite lame in this case)
worms to fill my logs. It's almost-nonexistent impact on the complexity of
the system, and almost all the scans (by worms or people with a
portscanner) directed to ssh I've ever received are directed to 22 only.
This, btw, seems to be the case with all the people I've speaked with on
the subject, so I guess it's a good addition to the usual precautions
(disallow certain users, do not use passwords and so on, guess everyone
has a favorite receipt :)

Frankye

-- 
Frankye Fattarelli               |U| |P| |S|F|
frankye.DIESPAMMERSDIE@ipv5.net  |R| |S| |Y|I|
this email is RFC 3514 compliant |G| |H| |N|N|