Date: Sat, 18 Sep 2004 18:28:19 -0400 From: Peter Radcliffe <pir@pir.net> To: "freebsd-security@FreeBSD.ORG" <freebsd-security@freebsd.org> Subject: Re: Attacks on ssh port Message-ID: <20040918222819.GG20449@pir.net> In-Reply-To: <414CB5EF.7080901@withagen.nl> References: <414C2798.7060509@withagen.nl> <6917b781040918103077c76f0c@mail.gmail.com> <414CAC56.8020601@withagen.nl> <6917b781040918150446b7dada@mail.gmail.com> <414CB5EF.7080901@withagen.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Willem Jan Withagen <wjw@withagen.nl> probably said: > I also have portsentry in a rather sensitive mode doing exactly the same > thing. > Trigger one of the "backdoor" ports, and you're out of my game. The general problm with this type of reactive filtering is that if someone can spoof the source addresses effectively or cause a connection from a legitimate host you've just DoSed yourself... Personally I only allow ssh from known legitimate sources and block the rest so the "noise" is in a completely different list. P. -- pir
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040918222819.GG20449>