Date: Sat, 3 Oct 2009 11:13:35 +0300
From: Jukka Ruohonen <jruohonen@iki.fi>
To: freebsd-hackers@freebsd.org
Subject: Re: Distributed SSH attack
Message-ID: <20091003081335.GA19914@marx.net.bit>
In-Reply-To: <4AC66E07.4030605@FreeBSD.org>
References: <20091002201039.GA53034@flint.openpave.org> <4AC66E07.4030605@FreeBSD.org>
On Fri, Oct 02, 2009 at 05:17:59PM -0400, Greg Larkin wrote:
> You could set up DenyHosts and contribute to the pool of IPs that are
> attempting SSH logins on the Net:
> http://denyhosts.sourceforge.net/faq.html#4_0

While I am well aware that a lot of people use DenyHosts or some equivalent tool, I've always been somewhat skeptical about these tools. A few issues:

1. Firewalls should generally be as static as is possible. There is a reason why high securelevel prevents modifications to firewalls.

2. Generally you do not want some parser to modify your firewall rules. Parsing log entries created by remote unauthenticated users as root is never a good idea.

3. Doing (2) increases the attack surface.

4. There have been well-documented cases where (3) has opened opportunities for both remote and local DoS.

Two cents, as they say,

Jukka.
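The point in (2) and (4) above, that a log parser driving firewall changes trusts text chosen by an unauthenticated remote client, can be seen in a few lines of Python. The following is an added illustration written for this archive page; it is not code from the thread, from DenyHosts, or from FreeBSD. The sshd log lines are constructed sample input, the "never block" networks and the failure threshold are assumptions, and neither function touches a firewall: the hardened variant only returns a list of proposals for an administrator (or a separately privileged, rate-limited component) to review.

```python
import re
import ipaddress
from collections import Counter

# Constructed sshd log lines (sample input made up for this example).
# Documentation addresses are used throughout (RFC 5737 ranges).
SAMPLE_LOG = [
    "Oct  3 10:01:02 host sshd[1234]: Invalid user admin from 203.0.113.7",
    "Oct  3 10:01:05 host sshd[1235]: Failed password for root from 203.0.113.7 port 4000 ssh2",
    "Oct  3 10:01:08 host sshd[1236]: Failed password for root from 203.0.113.7 port 4001 ssh2",
    # The remote client chooses the username it presents.  This constructed line has a
    # username that merely *looks* like a second log message naming an unrelated address;
    # the true peer address is still the final "from" field written by sshd itself.
    "Oct  3 10:01:09 host sshd[1237]: Invalid user Failed password for root from 198.51.100.1 port 22 ssh2 from 203.0.113.7",
]

# Assumption: the administrator's own management network and loopback must never be
# proposed for blocking, whatever the logs say.
NEVER_BLOCK = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# Loose pattern: the first thing that looks like "from <ip>" anywhere in the line.
LOOSE_RE = re.compile(r"from (\d+\.\d+\.\d+\.\d+)")

# Strict pattern: anchored to the whole syslog line and to the sshd message shapes we
# accept, so the address is the last "from" field, not one embedded in a username.
STRICT_RE = re.compile(
    r"^\w{3} +\d{1,2} \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"(?:Invalid user .* from|Failed password for (?:invalid user )?\S+ from) "
    r"(\S+)(?: port \d+ ssh2)?$"
)


def loose_source(line):
    """Naive extraction: trusts any 'from <ip>' substring, wherever it appears."""
    m = LOOSE_RE.search(line)
    return m.group(1) if m else None


def strict_source(line):
    """Anchored extraction plus address validation; returns None on anything unexpected."""
    m = STRICT_RE.match(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None


def loose_blocklist(lines):
    """What a careless tool would block: every address it can scrape, after one failure."""
    return sorted({src for src in map(loose_source, lines) if src is not None})


def hardened_blocklist(lines, threshold=3):
    """Proposed blocks only: strict parsing, a failure threshold, and an allowlist.

    The result is a list for review, not an applied rule; the parser itself needs
    no privilege at all, which keeps log text away from a root-level firewall change.
    """
    counts = Counter(src for src in map(strict_source, lines) if src is not None)
    proposed = []
    for src, n in counts.items():
        if n < threshold:
            continue
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in NEVER_BLOCK):
            continue
        proposed.append(src)
    return sorted(proposed)


if __name__ == "__main__":
    print("loose   :", loose_blocklist(SAMPLE_LOG))
    print("hardened:", hardened_blocklist(SAMPLE_LOG))
```

Run on the sample, the loose path would block the management address 198.51.100.1 on the strength of a username string, which is the denial-of-service the message refers to; the anchored parser attributes every line to 203.0.113.7 and the allowlist and threshold stand between the proposal and any rule change.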