Blocking a slow-burning SSH bruteforce

krad kraduk at googlemail.com
Sat Jan 2 12:01:31 UTC 2010


2010/1/1 J65nko <j65nko at gmail.com>

> After some posts a discussion on the freebsd-table mailing list goes into
> several approaches to deal with these SSH probes.
>
> See
> http://lists.freebsd.org/pipermail/freebsd-stable/2009-December/053326.html
>
> You still could allow outgoing ssh traffic on port 22 and allow
> incoming SSH on another port.
>
> Adriaan
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
>

one thing i have done in the past is severly lock down ssh to a small set of
ips with pf. I then ran openvpn to allow me to access from random places,
and left the acl on that fairly loose. Everything was also based on keys and
certs.

Another way to do it is purchase a cheap shell somewhere, and use it to
bounce off to get to your box. Your machine can then be acl'ed up well. Make
sure to use agent forwarding though just in case anyone is running key
logging etc on the remote shell


More information about the freebsd-questions mailing list