Date: Fri, 3 Jun 2005 10:03:28 -0400
From: "fbsd_user" <fbsd_user@a1poweruser.com>
To: "Rick Preston" <rickjpreston@gmail.com>, "Steven Friedrich" <FreeBSD@insightbb.com>
Cc: freebsd-questions@freebsd.org
Subject: RE: can't figure out ssh, read lots of docs...
Message-ID: <MIEPLLIBMLEEABPDBIEGMECCHGAA.fbsd_user@a1poweruser.com>
In-Reply-To: <c4d7bf4905060115442df7c17a@mail.gmail.com>

All the talk so far has been about how to stop attacks at your front door. This does nothing to really get back at the attacker to stop them from sending out their attacks.

I use the abuse-reporting-system scripts. I have my ipfilter firewall log all these attacks/probes, and then when the /var/log/security file rolls over, the log is passed through the scripts, which do whois on the sending IP address to find the ISP owner's abuse-reporting email address and then send the firewall log records to the ISP.

Before I started running this abuse-reporting system I was getting over 1200 attack/probe packets a day. Now, after 6 months of running it, I get less than 60 per day, which are first-time packets hitting me.

If you really want to stop this trash from running up your bandwidth charges, this is the way to get back at the attackers. The owning ISP just turns off their accounts. There is still some UDP spoofing happening, but that is small compared to the rest of the trash hitting your front door.

The abuse-reporting-system scripts can be downloaded from
http://www.unixguide.net/freebsd/fbsd_installguide/index.php
or
http://freebsd.packards-home.net/index.php

It was submitted to FreeBSD as a port but not accepted yet.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Rick Preston
Sent: Wednesday, June 01, 2005 6:44 PM
To: Steven Friedrich
Cc: freebsd-questions@freebsd.org
Subject: Re: can't figure out ssh, read lots of docs...

I just want to add a little about allowing root login over ssh and using common user names as login names, if I may.

I just left an admin job where we were running a live server, and I used to read the log files every day. The number of brute-force attempts to log in to sshd was staggering, sometimes over 700 attempts in a day from many different locations (usually script kiddies). I had the only user account, so it wasn't my users making mistakes.

90%+ of the attempts were for the root account. The other 10% were for common names like steven, rick, and paul; the list goes on. So I would recommend that you keep root login disabled and don't use common names for login names. Most people were setting up scripts to block the offending attacker. Not to mention every security document or site I have ever read has said "Don't allow remote root login."

Thanks for letting me spew,
Rick

On 6/1/05, Steven Friedrich <FreeBSD@insightbb.com> wrote:
> Thanks to Nathan Kinkade, Roland Smith, Greg Barniskis, and Rick Preston for
> the replies. Each gave me quite a bit of info and I'm still digesting it.
>
> I've been successful using ssh-agent, though I have to enter the passphrase
> each time I run my script. That's really only an annoyance now because I'm
> developing the script and have to enter it often. That goes away when the
> script is stable.
>
> I've been using ssh to login to my local machines for quite some time and
> never realized I didn't have it set up quite right, because it was asking for
> a passwd, which means all other means failed.
>
> What I did notice though, is that I can't login as root using ssh. I haven't
> found this mentioned in the man pages.
>
> Anybody know where it's documented, whether it can be changed, and would that
> be a colossal mistake?
>
> I mean, hey, it's a secure shell, why can't I login as root?
>
> The reason I want to use root is because I'm trying to scp /etc/master.passwd
> from each of my four machines so I can write them to a CD for backup.
> _______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
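
The log-to-abuse-report flow described in the top message of this thread, as an added Python example; it is not the abuse-reporting-system scripts and not code from anyone in the thread. The ipmon-style log layout, the whois field names matched (OrgAbuseEmail, abuse-mailbox), the function names and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed ipmon-style syslog lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jun  3 09:58:01 gw ipmon[214]: 09:58:00.512310 fxp0 @0:14 b 198.51.100.7,4312 -> 203.0.113.5,22 PR tcp len 20 48 -S IN
Jun  3 09:58:04 gw ipmon[214]: 09:58:03.100201 fxp0 @0:14 b 198.51.100.7,4313 -> 203.0.113.5,22 PR tcp len 20 48 -S IN
Jun  3 09:59:40 gw ipmon[214]: 09:59:39.775002 fxp0 @0:9 p 203.0.113.5,22 -> 192.0.2.99,5150 PR tcp len 20 52 -A OUT
Jun  3 10:01:12 gw ipmon[214]: 10:01:11.004417 fxp0 @0:16 b 192.0.2.44,1026 -> 203.0.113.5,1434 PR udp len 20 404 IN
"""

# Constructed whois replies keyed by source IP; a live run would query whois instead.
SAMPLE_WHOIS = {
    "198.51.100.7": "OrgName: Example Net\nOrgAbuseEmail:  abuse@isp-a.example\n",
    "192.0.2.44": "netname: EXAMPLE-B\nabuse-mailbox: abuse@isp-b.example\n",
}

# Blocked ("b") inbound packets only; optional "Nx" repeat count, optional source port.
BLOCKED_IN = re.compile(
    r"ipmon\[\d+\]: \S+ (?:\d+x )?\S+ @\d+:\d+ b (\d+\.\d+\.\d+\.\d+)(?:,\d+)? -> .* IN$")
ABUSE_FIELD = re.compile(r"^(?:OrgAbuseEmail|abuse-mailbox):\s*(\S+@\S+)", re.I | re.M)

def blocked_by_source(log_text):
    """Group blocked inbound log lines by the source IP that sent them."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = BLOCKED_IN.search(line)
        if m:
            hits[m.group(1)].append(line)
    return dict(hits)

def abuse_contact(whois_text):
    """Return the first abuse address in a whois reply, or None if it has none."""
    m = ABUSE_FIELD.search(whois_text)
    return m.group(1) if m else None

def build_reports(log_text, whois_by_ip):
    """Map each abuse address to the log lines for the source IPs it answers for."""
    reports = defaultdict(list)
    for ip, lines in blocked_by_source(log_text).items():
        contact = abuse_contact(whois_by_ip.get(ip, ""))
        if contact:  # no contact found: skip rather than guess an address
            reports[contact].extend(lines)
    return dict(reports)

if __name__ == "__main__":
    for contact, lines in build_reports(SAMPLE_LOG, SAMPLE_WHOIS).items():
        print(f"To: {contact}\n" + "\n".join(lines) + "\n")
```

Passed and outbound packets are left out of the reports, and a source IP whose whois reply has no abuse field is skipped instead of being mailed to a guessed address.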