From owner-freebsd-questions@FreeBSD.ORG Tue Apr 24 22:36:01 2007
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B6CEA16A403
	for ; Tue, 24 Apr 2007 22:36:01 +0000 (UTC)
	(envelope-from chris@vindaloo.com)
Received: from corellia.vindaloo.com (corellia.vindaloo.com [64.51.148.100])
	by mx1.freebsd.org (Postfix) with ESMTP id 8C93713C469
	for ; Tue, 24 Apr 2007 22:35:59 +0000 (UTC)
	(envelope-from chris@vindaloo.com)
Received: from [172.24.145.69] (endor.vindaloo.com [172.24.145.69])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by corellia.vindaloo.com (Postfix) with ESMTP id 98E685C8E;
	Tue, 24 Apr 2007 18:05:32 -0400 (EDT)
Message-ID: <462E7F2A.10202@vindaloo.com>
Date: Tue, 24 Apr 2007 18:05:30 -0400
From: Christopher Hilton
User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221)
MIME-Version: 1.0
To: User Questions
References: <20070415200255.18e6ab3f.wmoran@potentialtech.com>
	<20070416184315.GA93730@idoru.cepheid.org>
In-Reply-To: <20070416184315.GA93730@idoru.cepheid.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Defending against SSH attacks with pf
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Tue, 24 Apr 2007 22:36:01 -0000

Erik Osterholm wrote:
> On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote:
>> There was some discussion on this list not too long ago, and someone
>> asked if I was willing to make my pf config and the associated scripts
>> I wrote for it public. I would have posted on the original thread,
>> but I can't find it now.
>>
>> Here is the information:
>> http://www.potentialtech.com/cms/node/16
>>
>>

First: I'm not sure if the group got to it, and I'm posting to a very
stale thread here, but I've found that the best way to defeat these
password scanning ssh bots is to disallow passwords, allowing
public/private key authentication in their stead. Unfortunately this
isn't always possible. Bill's method is a very close second.

Second: I love the simplicity of the stateless firewall rules in Bill's
pf.conf. I may have to look at implementing that here.

-- Chris

-- 
      __o          "All I was doing was trying to get home from work."
    _`\<,_           -Rosa Parks
___(*)/_(*)___________________________________________________________
Christopher Sean Hilton
        pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
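
The following is an added example, not part of the original message or of Bill's scripts: a check that a host really is key-only, as the reply above recommends. It reads the effective configuration that `sshd -T` prints and also flags keyboard-interactive authentication, which (usually through PAM) can still prompt for a password when `PasswordAuthentication` is `no`. The function name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input is `sshd -T`-style text: one "keyword value" pair
# per line, as sshd prints its effective configuration.

# Prints one finding per line; returns 0 only when logins are key-only.
# A keyword that is missing from the input counts as "not confirmed".
check_sshd_effective() {
    awk '
        function is_no(k) { return (k in val) && val[k] == "no" }
        NF >= 2 { val[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (!is_no("passwordauthentication")) {
                print "FAIL password authentication is not disabled"
                bad = 1
            }
            # Keyboard-interactive (usually PAM) also prompts for a
            # password; older releases name it challengeresponse...
            if (!is_no("kbdinteractiveauthentication") &&
                !is_no("challengeresponseauthentication")) {
                print "FAIL keyboard-interactive authentication is not disabled"
                bad = 1
            }
            if (val["pubkeyauthentication"] != "yes") {
                print "FAIL public key authentication is not enabled"
                bad = 1
            }
            if (!bad) print "OK key-only logins"
            exit bad
        }'
}

# Constructed sample: passwords "off", keyboard-interactive still on.
SAMPLE='passwordauthentication no
challengeresponseauthentication yes
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE" | check_sshd_effective || true
# On a live host (run as root): sshd -T | check_sshd_effective
```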