Blacklisting IPs

Jay Moore jaymo at cromagnon.cullmail.com
Tue Jan 11 20:30:35 PST 2005


On Tuesday 11 January 2005 12:46 am, artware wrote:
> Thanks for the input, everyone! Port-knocking is overkill at this
> point, but I did do the following things to sshd_config:
>
> Set port to non-default
> PermitRootLogin no
> LoginGraceTime 45s
> AllowUsers lists only one user -- me. :)
>
> I also did route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole...
>
> I think telnet was disabled by default in the base 5.3 install...
>
> I know this attack was probably random, but the whole reason I took
> over as sysadmin and switched to FreeBSD is that our RHE box was being
> broken into almost nightly -- so I'm sensitive to security concerns.
> Is there anything else I should consider doing to the stock FreeBSD to
> fortify it? It already feels about 100 times more secure than RH...

You might consider using pf as a stateful packet filter. You could, for example,
limit SSH connections to certain IP addresses, redirect connections at port
25 to spamd, etc. There's a very good user's guide & overview of pf at:

http://www.openbsd.org/faq/pf/index.html

Jay
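
A minimal pf.conf sketch of the SSH restriction suggested above, with a run-time blocklist table standing in for the per-host blackhole route; this is an added example, not part of the original post. The interface name, port number, table names and addresses are all assumptions (the addresses are from documentation ranges).

```conf
# /etc/pf.conf -- added example; interface, port and addresses are placeholders
ext_if   = "em0"     # assumed external interface name
ssh_port = "2222"    # placeholder for the non-default sshd port

# Hosts allowed to reach sshd (constructed, documentation-range addresses)
table <ssh_ok> persist { 192.0.2.10, 198.51.100.0/24 }

# Blocklist, empty at load time and filled while pf is running, e.g.
#   pfctl -t blocked -T add 203.0.113.45
table <blocked> persist

# Default: drop everything inbound
block in all

# Leave loopback traffic alone
pass quick on lo0 all

# "quick" stops rule evaluation here, so no later pass rule can
# re-admit a source that is in the blocklist
block in quick on $ext_if from <blocked>

# Outbound traffic is allowed; replies come back via the state table
pass out on $ext_if keep state

# sshd is reachable only from the allowlist table
pass in on $ext_if proto tcp from <ssh_ok> to ($ext_if) port $ssh_port \
    flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and keep a console session open while testing so a mistake in `<ssh_ok>` does not lock you out.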


More information about the freebsd-questions mailing list