Date:      Mon, 15 May 2006 18:23:12 +0200
From:      Viktor Vasilev <viktor.vasilev@stud.tu-darmstadt.de>
To:        freebsd-pf@freebsd.org
Subject:   Re: promt solution with max-src-conn-rate
Message-ID:  <200605151823.17265.viktor.vasilev@stud.tu-darmstadt.de>
In-Reply-To: <55e8a96c0605150907k49af4454t5d0431ea036e11bc@mail.gmail.com>
References:  <44680266.2090007@azimut-tour.ru> <446873D3.7090703@azimut-tour.ru> <55e8a96c0605150907k49af4454t5d0431ea036e11bc@mail.gmail.com>


On Monday 15 May 2006 18:07 Bill Marquette wrote:
> On 5/15/06, GreenX FreeBSD <freebsd@azimut-tour.ru> wrote:
> > > I'd advise against what you're trying to do. It won't make your box
> > > more secure.
> >
> > Why?
> > Simply put, you will not get into ssh any more.
> > If I am not mistaken, the probability that the scanner will begin the
> > check with the "key" port,
> > and then immediately check sshd, is equal to 1 / (0xFFFF*0xFFFE).
> > If he does not do this, he can be caught by max-src-conn-rate
> > on the public services,
> > and have a forward for him from all ports to ssh on localhost put in place.
>
> And you always connect from a trusted network?  Presumably the answer
> to this is no, else you'd just put rules in to allow the trusted
> network to connect.  Port-knocking is security through obscurity at
> its best and at a minimum is wide open to replay attacks.
>
> If the concern is simply that you don't want someone brute forcing an
> account, force the use of SSH authorized keys.  Run a script watching
> the logs for anyone failing logins and add those addresses to a block
> list.

There is a nice and easy way to block ssh brute-force attempts with pf
only:

  http://legonet.org/~griffin/openbsd/block_ssh_bruteforce.html


Cheers,
Vik
-- 
PGP Key: 0xE09DC8D8/6799 4011 EBDE 6412 05A1 090C DBDF 5887 E09D C8D8
Signed/encrypted mail welcome!
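The pf-only approach the thread refers to, as an added pf.conf fragment (not from the linked page or the original mail): a stateful pass rule on the ssh port with max-src-conn-rate, whose overload option moves offending sources into a table that a quick block rule matches first. The interface name, the thresholds and the table name are assumptions chosen for illustration.

```pf
# Interface name is assumed; adjust to the external interface.
ext_if = "em0"

# Persistent table of sources that exceeded the connection-rate limit.
table <bruteforce> persist

# Evaluated before the pass rule: anything already in the table is dropped.
# "quick" stops rule evaluation, so the pass rule below is never reached.
block in quick on $ext_if from <bruteforce>

# Allow ssh, but track connections per source address:
#   max-src-conn 10       - at most 10 simultaneous connections per source
#   max-src-conn-rate 5/30 - at most 5 new connections per 30 seconds
#   overload <bruteforce> - sources breaking either limit go into the table
#   flush global          - and all of their existing states are killed
pass in on $ext_if proto tcp to $ext_if port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

Entries stay in the table until removed; a cron job running `pfctl -t bruteforce -T expire 86400` clears addresses that have been listed for more than a day, and `pfctl -t bruteforce -T show` lists what is currently blocked.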

