inbound ssh ceased on 4 servers at same time

John Brooks john at day-light.com
Thu Jun 9 13:56:30 GMT 2005


All traffic must pass thru the firewall in order to reach the
inside network. There are no nat redirect rules for port 22, so
all port 22 traffic is intercepted by the firewall. The only
way to reach interior hosts is to specifically log onto the firewall
and from the firewall ssh into the interior hosts. 

On some of my networks the firewall will only accept traffic from 
specific hosts, dropping all others. (sshd is running on all hosts)
All of my firewalls are running hardened versions of OpenBSD. All
of the servers behind the firewalls are running FreeBSD.

--
John Brooks
john at day-light.com 

> -----Original Message-----
> From: Marcin Jessa [mailto:lists at yazzy.org]
> Sent: Thursday, June 09, 2005 8:39 AM
> To: john at day-light.com
> Cc: freebsd-isp at freebsd.org
> Subject: Re: inbound ssh ceased on 4 servers at same time
> 
> 
> Hi John, guys.
> 
> On Sat, 4 Jun 2005 13:14:28 -0500
> "John Brooks" <john at day-light.com> wrote:
> 
> > Thanks, sounds good to do on the outward facing firewall. These
> > four freebsd boxes are protected behind an openbsd firewall so
> > none of the brute-force sshd attacks have ever reached them.
> 
> How do you filter those brute-force attacks? 
> Do you check existence of users on the actual server running sshd?
> I get hundreds of those attacks every day.
> 
> Cheers,
> Marcin Jessa.
> 


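As an added illustration (not part of the original thread), here is a pf ruleset sketching the layout John describes: no rdr for port 22, sshd on the firewall reachable only from listed management hosts, and the firewall itself as the only path onward to interior sshd. Interface names, the interior subnet and the admin addresses are assumed placeholders, and the rate limit and overload table are an addition that addresses Marcin's brute-force question.

```pf
# Assumed placeholders: interface names, interior subnet, admin addresses.
ext_if  = "fxp0"
int_if  = "fxp1"
int_net = "10.0.0.0/24"

# Management stations permitted to reach the firewall's own sshd.
table <admin_hosts> { 192.0.2.10, 192.0.2.11 }
# Sources that open too many ssh connections are parked here and dropped.
table <ssh_bruteforce> persist

set skip on lo

# No rdr rule for port 22 anywhere: nothing forwards ssh to interior hosts,
# so every inbound port 22 connection terminates on the firewall.

# Default deny; log what is dropped so the blocked attempts are visible.
block log all

# Drop sources already identified as brute-forcers before anything else.
block in quick on $ext_if from <ssh_bruteforce>

# ssh to the firewall itself, only from the admin table. More than 5 new
# connections in 30 s from one source moves it into <ssh_bruteforce> and
# flushes its existing states.
pass in on $ext_if proto tcp from <admin_hosts> to ($ext_if) port 22 \
    keep state (max-src-conn-rate 5/30, overload <ssh_bruteforce> flush global)

# From the firewall, an operator may ssh onward into the interior hosts.
pass out on $int_if proto tcp from ($int_if) to $int_net port 22 keep state
```

Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; `pfctl -t ssh_bruteforce -T show` lists the sources that tripped the limit.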