Date: Wed, 21 Mar 2007 13:49:05 +0000 From: Richard Jones <freebsd-security@jonze.com> To: Bill Moran <wmoran@collaborativefusion.com> Cc: freebsd-security@freebsd.org Subject: Re: Reality check: IPFW sees SSH traffic that sshd does not? Message-ID: <20070321134905.GA27188@dogstar.jonze.com> In-Reply-To: <20070321092724.fd6f1541.wmoran@collaborativefusion.com> References: <20070321123033.GD31533@bunrab.catwhisker.org> <20070321092724.fd6f1541.wmoran@collaborativefusion.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 21, 2007 at 09:27:24AM -0400, Bill Moran wrote: > Not in my opinion. I run a little script I wrote that automatically adds > failed SSH attempts to a table that blocks them from _everything_ in my > pf rules. I figure if they're fishing for weak ssh passwords, their next > likely attack route might be HTTP or SMTP, so why wait. This is on my > personal server. Here where I work, we're even more strict. I had a similar set up, but it was quite clunky. Following advise from this list and others I now firewall port 22 to a few locations (e.g. work), and also run ssh on a high port. This doesn't necessarily make things any safer, but has reduced my log noise drastically. Regards, Richard Jones -- http://www.jonze.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070321134905.GA27188>