From: "Hasse Hansson"
To: "'Bill Tillman'", "'Bruce Cran'", "'Polytropon'"
Cc: freebsd-questions@freebsd.org
Date: Sun, 23 Oct 2011 17:03:05 +0200
Subject: SV: Breakin attempt

-----Original message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On behalf of Bill Tillman
Sent: 23 October 2011 13:56
To: Bruce Cran; Polytropon
Cc: freebsd-questions@freebsd.org
Subject: Re: Breakin attempt

________________________________
From: Bruce Cran
To: Polytropon
Cc: freebsd-questions@freebsd.org
Sent: Saturday, October 22, 2011 10:37 AM
Subject: Re: Breakin attempt

On 22 Oct 2011, at 15:12, Polytropon wrote:

> On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
>> I suspect that these sorts of attacks are fairly normal if you're
>> running ssh on the standard port. I used to have lots of 'break-in
>> attempts' before I moved the ssh server to a different port.
>
> Is there _any_ reason why moving from port 22 to something
> different is _not_ a solution?

If you run some sort of shell server, or where many people need to login
using ssh, you'll have a bit of a support problem telling people to select
the non-default port. Also, some might consider it security through
obscurity, which is often said to be a bad thing.
--
Bruce Cran
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

I agree. I run ssh on a different port and still some hackers, usually from
the Far East still detect it and try to gain access. It happens all the
time. Remember there is a big difference between a break-in and an attempted
break-in. It is a sad state of affairs that so much effort and energy and
high IQ thinking is spent on security these days. If we could just channel
all that energy into something more useful.

The point about giving so many others ssh logins is something I cringe on as
well. I realize it's useful and needed, but there is a real myth out there
that hackers are overwhelmingly intelligent and must be highly skilled to
hack into someone's system. I think if you were to examine the real numbers
you'd find the vast majority of break-ins come from someone who either has a
login username and password, bought or stole a username and password or
overheard someone talking about their username and password. There are of
course exceptions but the media and hype about all these intelligent hackers
is just overblown.

Loose lips sink ships. And as soon as more than one person knows a
secret...it's no longer a secret.

----------------------------------------------------------------------------

Thanks all for responding and contributing to my post.
For the moment, "all quiet on the eastern front".
I followed the advice I got, changed the ssh port, and it drastically
reduced the noise in my log files.
My guess, it was some kind of "bots" probing.
Lots of resources down the drain.
It really would be nice to set up some kind of "tarpit" to slow down them
suckers a bit.
I have a faint memory of seeing some suggestions of doing that with a "que"
rule or something in PF. Have to "google" a bit and look into it.

The good thing, it made me scrutinize my security settings and fix things I
should have fixed a long time ago.
As said before, this server is running just for pleasure and educational
purposes, so I'm free to do any changes or experiments I please to.

All the best
Hasse
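
Added example, not part of the original message and not a configuration posted by anyone in the thread: the message above mentions slowing down probing bots with PF. A common pf.conf approach, shown here instead of the queue-based tarpit the message recalls, is to rate-limit new SSH connections per source address and block offenders through an overload table. The interface name, port number and limits are assumed values.

```pf
# Added example, not from the thread. All values below are assumptions.
ext_if   = "em0"     # assumption: external interface name
ssh_port = "2222"    # assumption: the non-default port sshd listens on

# Source addresses that exceed the limits below are collected here.
table <bruteforce> persist

# Drop everything from addresses already in the table.
block in quick on $ext_if from <bruteforce>

# Allow SSH, but per source address permit at most 10 simultaneous
# connections and 3 new connections per 30 seconds. A source that goes
# over either limit is added to <bruteforce>, and "flush global" kills
# all of its existing states, not only the SSH ones.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $ssh_port \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/30, \
     overload <bruteforce> flush global)
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and list the addresses that have been caught with `pfctl -t bruteforce -T show`.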