Defending against SSH attacks with pf
Christopher Hilton
chris at vindaloo.com
Tue Apr 24 22:36:01 UTC 2007
Erik Osterholm wrote:
> On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote:
>> There was some discussion on this list not too long ago, and someone
>> asked if I was willing to make my pf config and the associated scripts
>> I wrote for it public. I would have posted on the original thread,
>> but I can't find it now.
>>
>> Here is the information:
>> http://www.potentialtech.com/cms/node/16
>>
>>
First: I'm not sure if the group got to it and I'm posting to a very
stale thread here but I've found that the best way to defeat these
password scanning ssh bots is to disallow passwords allowing
public/private key authentication in their stead. Unfortunately this
isn't always possible. Bill's method is a very close second.
Second: I love the simplicity of the stateless firewall rules in Bill's
pf.conf. I may have to look at implementing that here.
-- Chris
--
__o "All I was doing was trying to get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*)___________________________________________________________
Christopher Sean Hilton <chris | at | vindaloo.com>
pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
More information about the freebsd-questions
mailing list