Date: Tue, 04 Nov 2014 10:31:42 -0500
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: Hasse Hansson <hasse@thorshammare.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: sshguard pf
Message-ID: <44vbmv6kyp.fsf@lowell-desk.lan>
In-Reply-To: <20141104110202.GA37003@ymer.thorshammare.org> (Hasse Hansson's message of "Tue, 4 Nov 2014 12:02:02 +0100")
References: <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org>

Hasse Hansson <hasse@thorshammare.org> writes:

> I'm aware of changing port for ssh, but I see it as a little bit of "giving up"
> Gotta be some rather easy way of just blocking those attacks. Other than blocking
> whole of CN and half of Asia. I've tried that too. It stopped the attacks and gave
> me some room to think it over.

Changing the port won't help you avoid attacks that might succeed, but
it will substantially reduce the clutter that you need to look through.
I don't do it because I've had problems with paranoid networks blocking
everything but a few special ports, where ssh is one of the allowed
ones, but I don't know if anybody's still doing anything that silly.

> But I still wonder why sshguard or pf don't block those attacks.
> sshguard does its job on other probes, but not the root logins. PF doesn't seem
> to do much at all.

Firewalls won't help detect the attack. They can be used to keep someone
out once the attack has been detected. I don't know sshguard, so I can't
tell you why it isn't working for you, but there certainly are ports
that can do so. I use bruteblock, for example, but I know there are
several other options that do the same thing.
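
The reply's split between detecting an attack (from the sshd log) and keeping the source out afterwards (with the firewall), as an added example that is not part of the original message and is not sshguard's or bruteblock's code. The log lines are constructed, and the threshold, window and pf table name `bruteforce` are assumptions; pf.conf is assumed to contain `table <bruteforce> persist` and `block in quick from <bruteforce>`.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd's syslog format (documentation addresses).
SAMPLE_LOG = """\
Nov  4 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40022 ssh2
Nov  4 10:00:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 40031 ssh2
Nov  4 10:00:09 host sshd[1207]: Failed password for invalid user admin from 198.51.100.9 port 51234 ssh2
Nov  4 10:00:12 host sshd[1209]: Failed password for root from 203.0.113.7 port 40044 ssh2
Nov  4 10:02:30 host sshd[1215]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
Nov  4 10:30:00 host sshd[1290]: Failed password for invalid user admin from 198.51.100.9 port 51300 ssh2
Nov  4 10:50:00 host sshd[1301]: Failed password for invalid user test from 198.51.100.9 port 51410 ssh2
"""
# Anchored at end of line with a greedy user field, so the captured address is
# the one sshd appended itself, whatever text the attempted username contained.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+ from (\S+) port \d+ ssh2$"
)

def detect_offenders(lines, threshold=3, window=timedelta(minutes=10), year=2014):
    """Detection: addresses with >= threshold failed logins inside the window."""
    recent = defaultdict(deque)          # address -> timestamps of recent failures
    offenders = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                     # accepted logins, other daemons
        try:
            addr = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue                     # never hand a non-address to the firewall
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[addr]
        hits.append(when)
        while when - hits[0] > window:   # expire failures that left the window
            hits.popleft()
        if len(hits) >= threshold and addr not in offenders:
            offenders.append(addr)
    return offenders

def pf_commands(addresses, table="bruteforce"):
    """Enforcement: one pfctl call per address (table name is hypothetical)."""
    return [f"pfctl -t {table} -T add {addr}" for addr in addresses]

if __name__ == "__main__":
    print("\n".join(pf_commands(detect_offenders(SAMPLE_LOG.splitlines()))))
```

Only 203.0.113.7 is flagged in the sample: 198.51.100.9 also fails three times, but its attempts are spread over 50 minutes and never accumulate inside one window.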