Date:      Sat, 2 Jan 2010 12:01:21 +0000
From:      krad <kraduk@googlemail.com>
To:        J65nko <j65nko@gmail.com>
Cc:        David Rawling <djr@pdconsec.net>, "freebsd-questions@FreeBSD.ORG" <freebsd-questions@freebsd.org>
Subject:   Re: Blocking a slow-burning SSH bruteforce
Message-ID:  <d36406631001020401h2ad623e3q307b224886e24559@mail.gmail.com>
In-Reply-To: <19861fba1001011207v5528665ct7c58db87031de947@mail.gmail.com>
References:  <4B3E0D11.1080101@pdconsec.net> <4B3E0FBD.2010605@sbcglobal.net> <4B3E1295.9050902@pdconsec.net> <4B3E2C0F.4060408@unsane.co.uk> <19861fba1001011207v5528665ct7c58db87031de947@mail.gmail.com>

2010/1/1 J65nko <j65nko@gmail.com>

> After some posts, a discussion on the freebsd-stable mailing list goes into
> several approaches to deal with these SSH probes.
>
> See
> http://lists.freebsd.org/pipermail/freebsd-stable/2009-December/053326.html
>
> You still could allow outgoing ssh traffic on port 22 and allow
> incoming SSH on another port.
>
> Adriaan
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe@freebsd.org"
>

One thing I have done in the past is severely lock down ssh to a small set of
IPs with pf. I then ran openvpn to allow me to access from random places,
and left the ACL on that fairly loose. Everything was also based on keys and
certs.

Another way to do it is to purchase a cheap shell somewhere, and use it to
bounce off to get to your box. Your machine can then be acl'ed up well. Make
sure to use agent forwarding, though, just in case anyone is running key
logging etc. on the remote shell.
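
A pf.conf ruleset for the first setup described in the message above (SSH restricted to a small address table, OpenVPN left reachable from anywhere), added here as an example and not taken from the poster's configuration. The interface names `em0` and `tun0`, the documentation-range addresses, the VPN subnet 10.8.0.0/24 and OpenVPN on UDP 1194 are assumptions.

```conf
# /etc/pf.conf -- added example; all names and addresses below are assumptions
ext_if  = "em0"            # assumed external interface
vpn_if  = "tun0"           # assumed OpenVPN tunnel interface
vpn_net = "10.8.0.0/24"    # assumed VPN client subnet

# Small set of addresses allowed to reach sshd directly (constructed values).
table <ssh_admins> persist { 192.0.2.10, 198.51.100.0/28 }

set skip on lo0

# Default: drop and log everything inbound, allow outbound.
block in log on $ext_if all
pass out on $ext_if all keep state

# SSH from the Internet only for the trusted table.
pass in on $ext_if inet proto tcp from <ssh_admins> to ($ext_if) port 22 \
    flags S/SA keep state

# OpenVPN reachable from any source; it authenticates with keys and certs.
pass in on $ext_if inet proto udp from any to ($ext_if) port 1194 keep state

# SSH for authenticated VPN clients arriving over the tunnel.
pass in on $vpn_if inet proto tcp from $vpn_net to ($vpn_if) port 22 \
    flags S/SA keep state

# Check syntax without loading:   pfctl -nf /etc/pf.conf
# Show the table contents:        pfctl -t ssh_admins -T show
# Add an address at runtime:      pfctl -t ssh_admins -T add 203.0.113.7
```

With the default `block in log`, rejected SSH probes show up on the `pflog0` interface, which gives a record of the brute-force sources without exposing sshd to them.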


