promt solution with max-src-conn-rate
Bill Marquette
bill.marquette at gmail.com
Mon May 15 16:07:40 UTC 2006
On 5/15/06, GreenX FreeBSD <freebsd at azimut-tour.ru> wrote:
> > I'd advise against what you're trying to do. It won't make your box
> > more secure.
> Why?
> Simply put, on ssh you will not come in any more.
> If I am not mistaken, the probability that the scanner will begin the
> check with the "key" port, and then at once check sshd, is equal to
> 1 / (0xFFFF*0xFFFE).
> If he does not do this, he can be caught by max-src-conn-rate
> on the public services, and his forwarding from all ports can be put
> onto ssh on localhost.
And you always connect from a trusted network? Presumably the answer
to this is no, else you'd just put rules in to allow the trusted
network to connect. Port-knocking is security through obscurity at
its best and at a minimum is wide open to replay attacks.
If the concern is simply that you don't want someone brute forcing an
account, force the use of SSH authorized keys. Run a script watching
the logs for anyone failing logins and add those addresses to a block
list.
--Bill
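The approach Bill describes (rate-limit with pf, watch the logs, add repeat offenders to a block table) sketched as a small POSIX shell script. This is an added example, not code from the thread; the pf.conf fragment, the table name `sshbrute`, the threshold and the log lines are all assumed or constructed.

```sh
#!/bin/sh
# Assumed /etc/pf.conf fragment (not from the original thread):
#   table <sshbrute> persist
#   block in quick on $ext_if from <sshbrute>
#   pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
#       (max-src-conn-rate 5/30, overload <sshbrute> flush global)
# Together with "PasswordAuthentication no" in sshd_config (keys only),
# the rate limit catches connection floods and this script catches
# slower guessing that never trips max-src-conn-rate.

# Constructed sample of FreeBSD auth.log lines (IPv4 only is assumed).
SAMPLE_LOG='May 15 16:01:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 41234 ssh2
May 15 16:01:05 host sshd[1235]: Failed password for root from 203.0.113.5 port 41236 ssh2
May 15 16:01:09 host sshd[1236]: Failed password for invalid user oracle from 203.0.113.5 port 41240 ssh2
May 15 16:02:00 host sshd[1240]: Failed password for bob from 198.51.100.7 port 50000 ssh2
May 15 16:02:30 host sshd[1241]: Accepted publickey for bob from 198.51.100.7 port 50001 ssh2'

# failed_login_ips THRESHOLD
# Reads sshd log lines on stdin and prints, one per line, every source
# address with at least THRESHOLD "Failed password" entries.
failed_login_ips() {
    threshold="${1:-5}"
    grep 'sshd\[[0-9]*\]: Failed password for' |
        sed -n 's/.* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c |
        awk -v t="$threshold" '$1 >= t { print $2 }'
}

# block_ips TABLE
# Reads addresses on stdin and adds each to the named pf table, so the
# "block in quick from <TABLE>" rule above drops them. Needs root and pf.
block_ips() {
    table="$1"
    while read -r ip; do
        [ -n "$ip" ] && pfctl -t "$table" -T add "$ip"
    done
}

# Offline demonstration: prints 203.0.113.5 (three failures, threshold 3).
printf '%s\n' "$SAMPLE_LOG" | failed_login_ips 3
# On a real host, run periodically from cron as root instead:
#   failed_login_ips 5 < /var/log/auth.log | block_ips sshbrute
```

Entries added with `pfctl -T add` persist until removed; pair this with a periodic `pfctl -t sshbrute -T expire` (or a reviewed allow list) so a mistyped password from a legitimate user does not lock them out forever.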