Date: Fri, 05 Mar 2010 07:03:53 -0600 From: Programmer In Training <pit@joseph-a-nagy-jr.us> To: freebsd-questions@freebsd.org Subject: Re: Thousands of ssh probes Message-ID: <4B910139.1080908@joseph-a-nagy-jr.us> In-Reply-To: <20100305125446.GA14774@elwood.starfire.mn.org> References: <20100305125446.GA14774@elwood.starfire.mn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigDE492454978279EA24394AB7 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 03/05/10 06:54, John wrote: > My nightly security logs have thousands upon thousands of ssh probes > in them. One day, over 6500. This is enough that I can actually > "feel" it in my network performance. Other than changing ssh to > a non-standard port - is there a way to deal with these? Every > day, they originate from several different IP addresses, so I can't > just put in a static firewall rule. Is there a way to get ssh > to quit responding to a port or a way to generate a dynamic pf > rule in cases like this? Can you not deny all ssh attempts and then allow only from certain, trusted IPs? --=20 Yours In Christ, PIT Emails are not formal business letters, whatever businesses may want. Original content copyright under the OWL http://owl.apotheon.org Please do not CC me. If I'm posting to a list it is because I am subscrib= ed. --------------enigDE492454978279EA24394AB7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iQEcBAEBAgAGBQJLkQFRAAoJEENZQ8DH7rW0XlAH/1ZXuk4JJgxOvuMpojeV13Vh M4uI288DCbk4+5UjSEu0klnvA/hreg7x40EkqCdkj+FDePjXRTZxDp4W+tf5e0Nd 7LZxrzjVNNmDrBCbXjwYchT0p+GQzM41nZudF0zx7OSQXOO1xGxaKZu7GmmuFEHa Fuo+Qnmzbx4HI3dd+IWJ4QweLeh2FEJJxP0agjlLPnZPs1CaPdfN0xjLTByqUbij BRC6jK0gyJP1KxGOww3PFe5XRf0GccxuetqFSEn5RFshDdW1OcThEioH8JDDEQpN D9lqaWQPI4y6jK9NPEwhlDBCMMzZdg3r0vguDjeVYP4Baoe37r/xjvRa0LI7q3o= =BudN -----END PGP SIGNATURE----- --------------enigDE492454978279EA24394AB7--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B910139.1080908>