Distributed SSH attack

Daniel O'Connor doconnor at gsoft.com.au
Sat Oct 3 14:27:09 UTC 2009

On Sat, 3 Oct 2009, krad wrote:
> simplest this to do is disable password auth, and use key based.

Your logs are still full of crap though.

I find sshguard works well, and I am fairly sure you couldn't spoof a 
valid TCP connection through pf sanitising so it would be difficult 
(nigh-impossible?) for someone to cause you to block a legit IP.

If you can, changing the port sshd runs on is by far the simplest work 
around. Galling as it is to have to change stuff to work around 
malicious assholes..

Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20091003/c8f18f56/attachment.pgp

More information about the freebsd-hackers mailing list