Date:      Tue, 11 Jan 2005 22:28:25 -0600
From:      Jay Moore <jaymo@cromagnon.cullmail.com>
To:        freebsd-questions@freebsd.org, artware <artware@gmail.com>
Subject:   Re: Blacklisting IPs
Message-ID:  <200501112228.25182.jaymo@cromagnon.cullmail.com>
In-Reply-To: <fd0919510501102246646d8e52@mail.gmail.com>
References:  <20050110035717.27062.qmail@web41008.mail.yahoo.com> <41E318B2.3020108@makeworld.com> <fd0919510501102246646d8e52@mail.gmail.com>

On Tuesday 11 January 2005 12:46 am, artware wrote:
> Thanks for the input, everyone! Port-knocking is overkill at this
> point, but I did do the following things to sshd_config:
>
> Set port to non-default
> PermitRootLogin no
> LoginGraceTime 45s
> AllowUsers lists only one user -- me. :)
>
> I also did route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole...
>
> I think telnet was disabled by default in the base 5.3 install...
>
> I know this attack was probably random, but the whole reason I took
> over as sysadmin and switched to FreeBSD is that our RHE box was being
> broken into almost nightly -- so I'm sensitive to security concerns.
> Is there anything else I should consider doing to the stock FreeBSD to
> fortify it? It already feels about 100 times more secure than RH...

You might consider using pf as a stateful packet filter. You could, for example,
limit SSH connections to certain IP addresses, redirect connections at port
25 to spamd, etc., etc. There's a very good user's guide & overview of pf at:

http://www.openbsd.org/faq/pf/index.html

Jay
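
A pf.conf sketch of the SSH restriction suggested above, combined with a blacklist table for the thread's original question. This is an added example, not part of the original message; the interface name, port number, addresses, table names and the blacklist file path are all placeholders.

```conf
# /etc/pf.conf (added example; every value below is a placeholder)

# --- Macros (assumptions) ---
ext_if   = "em0"     # external interface
ssh_port = "2222"    # whatever non-default port sshd_config uses

# --- Tables ---
# Hosts allowed to reach sshd (documentation-range addresses).
table <ssh_ok> const { 192.0.2.10, 198.51.100.0/24 }
# Blacklisted sources, one address or CIDR block per line.
# The file must exist (it may be empty) before the ruleset is loaded.
table <blacklist> persist file "/etc/pf.blacklist"

# --- Filter rules (the last matching rule wins unless "quick" is used) ---
# Leave loopback traffic alone.
pass quick on lo0 all

# Default deny for inbound traffic; log what gets dropped.
block in log on $ext_if all

# Blacklisted sources are dropped immediately. "quick" stops rule
# evaluation, so no later pass rule can re-admit them.
block in quick on $ext_if from <blacklist> to any

# sshd is reachable only from the allowed hosts.
pass in on $ext_if proto tcp from <ssh_ok> to ($ext_if) \
    port $ssh_port flags S/SA keep state

# Outbound traffic is allowed, with state so replies are let back in.
pass out on $ext_if all keep state

# Checks and maintenance (run as root):
#   pfctl -nf /etc/pf.conf                 parse only, load nothing
#   pfctl -f /etc/pf.conf                  load the ruleset
#   pfctl -t blacklist -T add 203.0.113.45 blacklist a host at runtime
#   pfctl -t blacklist -T show             list current entries
```

With the default-deny rule in place, any other service the machine offers (HTTP, SMTP and so on) needs its own pass rule. Load the ruleset from the console, or keep a second session open, so that a mistake in `<ssh_ok>` does not lock you out.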


