inbound ssh ceased on 4 servers at same time

Marcin Jessa lists at yazzy.org
Thu Jun 9 14:35:08 GMT 2005 

Hi.

I know of a patch which locks out ssh users after X unsecessfull attempts (with possibility of whitelisting). I think the guys from pfsense use it or at least have that patch somewhere.
I thought OpenBSD had an option in sshd or/and pf for that as well.
Thanks for the answer John.

Cheers,
Marcin.



On Thu, 9 Jun 2005 08:56:33 -0500
"John Brooks" <john at day-light.com> wrote:

> All traffic must pass thru the firewall in order to reach the
> inside network. There are no nat redirect rules for port 22, so
> all port 22 traffic is intercepted by the firewall. The only
> way to reach interior hosts is to specifically log onto the firewall
> and from the firewall ssh into the interior hosts. 
> 
> On some of my networks the firewall will only accept traffic from 
> specific hosts, dropping all others. (sshd is running on all hosts)
> All of my firewalls are running hardened versions of OpenBSD. All
> of the servers behind the firewalls are running FreeBSD.
> 
> --
> John Brooks
> john at day-light.com 
> 
> > -----Original Message-----
> > From: Marcin Jessa [mailto:lists at yazzy.org]
> > Sent: Thursday, June 09, 2005 8:39 AM
> > To: john at day-light.com
> > Cc: freebsd-isp at freebsd.org
> > Subject: Re: inbound ssh ceased on 4 servers at same time
> > 
> > 
> > Hi John, guys.
> > 
> > On Sat, 4 Jun 2005 13:14:28 -0500
> > "John Brooks" <john at day-light.com> wrote:
> > 
> > > Thanks, sounds good to do on the outward facing firewall. These
> > > four freebsd boxes are protected behind an openbsd firewall so
> > > none of the brute-force sshd attacks have ever reached them.
> > 
> > How do you filter those brute-force attacks? 
> > Do you check existence of users on the actual server running sshd ?
> > I get hundreds of those attacks every day.
> > 
> > Cheers,
> > Marcin Jessa.
> > 
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"

More information about the freebsd-isp mailing list