Re: SSH brute force attacks no longer being caught by PF rule

Previous thread: Top/uptime seems high by Edwards, David (JTS) on Monday, August 13, 2007 - 2:24 am. (10 messages)

Next thread: OpenCON 2007 // Call for Sponsors by Ed on Monday, August 13, 2007 - 10:25 am. (1 message)

[view original message]

From: no@spam@mgedv.net <nospam@...>

To: Stuart Henderson <stu@...>, OpenBSD <misc@...>

Subject: Re: SSH brute force attacks no longer being caught by PF rule

Date: Monday, August 13, 2007 - 7:51 am

----- Original Message ----- 
From: "Stuart Henderson" &lt;stu@spacehopper.org&gt;
To: "OpenBSD" &lt;misc@openbsd.org&gt;
Sent: Monday, August 13, 2007 1:30 PM
Subject: Re: [misc] SSH brute force attacks no longer being caught by PF 

maybe somewhat off-topic, but:
why don't you just switch your ssh port to a different one.
we've been running with this configuration since years and
a log examination of the ssh-logs and connection logs from
the firewall shows that there was not even 1 (!) connect to
the ssh-port from "bad" IPs.

[view original message]

From: Stuart Henderson <stu@...>

To: no@spam@mgedv.net <nospam@...>

Cc: OpenBSD <misc@...>

Subject: Re: SSH brute force attacks no longer being caught by PF rule

Date: Monday, August 13, 2007 - 8:25 am

In my case, because it annoys me, and max-src-conn-rate doesn't.

[view original message]

From: David Newman <dnewman@...>

To: OpenBSD <misc@...>

Subject: Re: SSH brute force attacks no longer being caught by PF rule

Date: Monday, August 13, 2007 - 8:39 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I concur, and would add that this fails the security-by-obscurity test.

In any event, max-src-conn-rate and max-src-conn are now keeping the
skiddies (or whomever) at bay. Thanks all who responded.

dn
iD8DBQFGwPm/yPxGVjntI4IRAib4AKCEn0kDDWy0qr9MjMcYVlRKCwVFRACgyB0i
8gwsRtzc+M0W/RwHLYNbXm0=
=56Ag
-----END PGP SIGNATURE-----


linux-kernel:
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Greg KH	[patch 00/04] RFC: Staging tree (drivers/staging)
James Bottomley	Re: Integration of SCST in the mainstream Linux kernel
Steven Rostedt	[RFC PATCH 1/3] Unified trace buffer
git:
Jon Smirl	! [rejected] master -> master (non-fast forward)
Marco Costalba	[ANNOUNCE] qgit4 aka qgit ported to Windows
Andi Kleen	Re: [kernel.org users] [RFD] On deprecating "git-foo" for builtins
Sverre Rabbelier	Git vs Monotone
openbsd-misc:
Richard Stallman	Real men don't attack straw men
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Damian Gerow	Oddly high load average
Benjamin Adams	BSD Port from OpenJDK
linux-netdev:
Michael Grollman	Re: 8169 Intermittent ifup Failure Issue With RTL8102E Chipset in Intel's New D945...
Volker Armin Hemmann	build error with 2.6.27.6+reiser4+ehci-hub patch. ERROR: "mii_ethtool_gset" [drive...
Evgeniy Polyakov	[resend take 2 0/4] Distributed storage.
Wenji Wu	A Linux TCP SACK Question


serial driver xmit problem	1 hour ago	Linux kernel
Why Windows is better than Linux	1 hour ago	Linux general
How can I see my kernel messages in vt12?	7 hours ago	Linux kernel
Grub	19 hours ago	Linux general
vmalloc_fault handling in x86_64	1 day ago	Linux kernel
epoll_wait()ing on epoll FD	1 day ago	Linux kernel
Framebuffer in x86_64 causes problems to multiseat	1 day ago	Linux kernel
Difference between 2.4 and 2.6 regarding thread creation	1 day ago	Linux general
Netfilter kernel module	1 day ago	Linux kernel
Compiling gfs2 on kernel 2.6.27	1 day ago	Linux kernel

Re: SSH brute force attacks no longer being caught by PF rule

Online users