Date: Mon, 15 May 2006 18:23:12 +0200
From: Viktor Vasilev <viktor.vasilev@stud.tu-darmstadt.de>
To: freebsd-pf@freebsd.org
Subject: Re: promt solution with max-src-conn-rate
Message-ID: <200605151823.17265.viktor.vasilev@stud.tu-darmstadt.de>
In-Reply-To: <55e8a96c0605150907k49af4454t5d0431ea036e11bc@mail.gmail.com>
References: <44680266.2090007@azimut-tour.ru> <446873D3.7090703@azimut-tour.ru> <55e8a96c0605150907k49af4454t5d0431ea036e11bc@mail.gmail.com>
On Monday 15 May 2006 18:07 Bill Marquette wrote:
> On 5/15/06, GreenX FreeBSD <freebsd@azimut-tour.ru> wrote:
> > > I'd advise against what you're trying to do. It won't make your box
> > > more secure.
> >
> > Why?
> > Simply put, you will not get in on ssh any more.
> > If I am not mistaken, the probability that the scanner will begin the
> > check with the "key" port,
> > and then immediately check sshd, is equal to 1 / (0xFFFF*0xFFFE).
> > If he does not do this, he can be caught by max-src-conn-rate
> > on the public services,
> > and have all ports forwarded for him to ssh on localhost.
>
> And you always connect from a trusted network? Presumably the answer
> to this is no, else you'd just put rules in to allow the trusted
> network to connect. Port-knocking is security through obscurity at
> its best and at a minimum is wide open to replay attacks.
>
> If the concern is simply that you don't want someone brute forcing an
> account, force the use of SSH authorized keys. Run a script watching
> the logs for anyone failing logins and add those addresses to a block
> list.

There is a nice and easy way of blocking ssh brute-force attempts with pf
only: http://legonet.org/~griffin/openbsd/block_ssh_bruteforce.html

Cheers,
Vik

-- 
PGP Key: 0xE09DC8D8/6799 4011 EBDE 6412 05A1 090C DBDF 5887 E09D C8D8
Signed/encrypted mail welcome!
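As an added illustration of the pf-only approach the thread refers to (this is example configuration written here, not the rule set from the linked page or from any poster), the following pf.conf fragment rate-limits new SSH connections per source address with max-src-conn-rate and moves offenders into a table that a block rule consults. The interface name and the 3-connections-per-30-seconds threshold are assumptions chosen for the example.

```pf
# Example pf.conf fragment (added here, not from the thread or the linked page).
# Assumed external interface; adjust to the real one.
ext_if = "em0"

# Persistent table that survives rule reloads; it starts empty and is
# populated automatically by the overload option below.
table <bruteforce> persist

# Anything already listed in the table is dropped before further evaluation.
block in quick on $ext_if from <bruteforce>

# Allow SSH, but track new connections per source address.  A source that
# opens more than 3 new connections within 30 seconds (assumed threshold) is
# added to <bruteforce>; "flush global" also tears down that source's
# existing states, so in-progress guessing sessions are cut off as well.
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn-rate 3/30, overload <bruteforce> flush global)
```

Entries never expire on their own; a periodic `pfctl -t bruteforce -T expire 86400` (from cron, for example) removes addresses that have not been seen for a day so a mistyped password does not lock out a legitimate host forever.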