Blacklisting IPs
artware
artware at gmail.com
Mon Jan 10 22:46:07 PST 2005
Thanks for the input, everyone! Port-knocking is overkill at this
point, but I did do the following things to sshd_config:

  Set port to non-default
  PermitRootLogin no
  LoginGraceTime 45s
  AllowUsers lists only one user -- me. :)

I also did route -nq add -host xxx.xxx.xxx.xxx 127.0.0.1 -blackhole...

I think telnet was disabled by default in the base 5.3 install...

I know this attack was probably random, but the whole reason I took
over as sysadmin and switched to FreeBSD is that our RHE box was being
broken into almost nightly -- so I'm sensitive to security concerns.

Is there anything else I should consider doing to the stock FreeBSD to
fortify it? It already feels about 100 times more secure than RH...

- ben
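
An added example, not part of the original post: a small Python check that reads an sshd_config and reports whether the four changes listed in the message are in effect. The sample configs, port 2222, the user name ben and the 60-second threshold are assumptions made for the example.

```python
import re
# Constructed samples. Port 2222 and the user "ben" are placeholders,
# not values taken from the post.
HARDENED = """\
Port 2222
PermitRootLogin no
LoginGraceTime 45s
AllowUsers ben
"""
STOCK = """\
#Port 22
PermitRootLogin yes
# the duplicate below is ignored: sshd keeps the first value it reads
permitrootlogin no
LoginGraceTime 2m
"""

def parse(text):
    """Map lower-cased keyword -> list of argument strings (global section only)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()                              # keywords are case-insensitive
        if key == "match":
            break                                           # conditional blocks are out of scope
        conf.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return conf

def seconds(value):
    """Convert sshd time formats such as 45s, 2m, 1h30m or a bare 120 to seconds."""
    units = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
    return sum(int(n) * units[u.lower()] for n, u in re.findall(r"(\d+)([smhdw]?)", value, re.I))

def audit(text, max_grace=60):
    """Return a list of findings; max_grace is this example's threshold, not an sshd default."""
    conf, findings = parse(text), []
    if "22" in conf.get("port", ["22"]):                    # unset means the default, 22
        findings.append("Port: still listening on the default 22")
    if conf.get("permitrootlogin", ["unset"])[0].lower() != "no":
        findings.append("PermitRootLogin: effective value is not 'no'")
    grace = seconds(conf.get("logingracetime", ["120"])[0])  # unset means 120 seconds
    if grace == 0 or grace > max_grace:
        findings.append(f"LoginGraceTime: {grace}s (0 means no limit)")
    if not " ".join(conf.get("allowusers", [])).split():
        findings.append("AllowUsers: not set, no user allow-list in effect")
    return findings
```

Running `audit()` on the text of /etc/ssh/sshd_config returns an empty list when all four settings are in place.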