Date:      Fri, 5 Mar 2010 07:26:04 -0600
From:      John <john@starfire.mn.org>
To:        Programmer In Training <pit@joseph-a-nagy-jr.us>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Thousands of ssh probes
Message-ID:  <20100305132604.GC14774@elwood.starfire.mn.org>
In-Reply-To: <4B910139.1080908@joseph-a-nagy-jr.us>
References:  <20100305125446.GA14774@elwood.starfire.mn.org> <4B910139.1080908@joseph-a-nagy-jr.us>

On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote:
> On 03/05/10 06:54, John wrote:
> > My nightly security logs have thousands upon thousands of ssh probes
> > in them.  One day, over 6500.  This is enough that I can actually
> > "feel" it in my network performance.  Other than changing ssh to
> > a non-standard port - is there a way to deal with these?  Every
> > day, they originate from several different IP addresses, so I can't
> > just put in a static firewall rule.  Is there a way to get ssh
> > to quit responding to a port or a way to generate a dynamic pf
> > rule in cases like this?
> 
> Can you not deny all ssh attempts and then allow only from certain,
> trusted IPs?

Ah, I should have added that I travel a fair amount, and often
have to get to my systems via hotel WiFi or Aircard, so it's
impossible to predict my originating IP address in advance.  If
that were not the case, this would be an excellent suggestion.

> -- 
> Yours In Christ,
> 
> PIT
> Emails are not formal business letters, whatever businesses may want.
> Original content copyright under the OWL http://owl.apotheon.org
> Please do not CC me. If I'm posting to a list it is because I am subscribed.
-- 

John Lind
john@starfire.MN.ORG


