Thousands of ssh probes
tajudd at gmail.com
Fri Mar 5 20:43:14 UTC 2010
On 3/5/10, John <john at starfire.mn.org> wrote:
> On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote:
>> On 03/05/10 06:54, John wrote:
>> > My nightly security logs have thousands upon thousands of ssh probes
>> > in them. One day, over 6500. This is enough that I can actually
>> > "feel" it in my network performance. Other than changing ssh to
>> > a non-standard port - is there a way to deal with these? Every
>> > day, they originate from several different IP addresses, so I can't
>> > just put in a static firewall rule. Is there a way to get ssh
>> > to quit responding to a port or a way to generate a dynamic pf
>> > rule in cases like this?
>> Can you not deny all ssh attempts and then allow only from certain,
>> trusted IPs?
> Ah, I should have added that I travel a fair amount, and often
> have to get to my systems via hotel WiFi or Aircard, so it's
> impossible to predict my originating IP address in advance. If
> that were not the case, this would be an excellent suggestion.
I've been in that same boat. I eventually came to the decision to:
Install PPTP server software, accepting connections from any IP.
Once connected with PPTP, edit the sshd rule in pf to allow sshd connections.
Optionally reconnect for sshd only.
It's worked well.
>> Yours In Christ,
>> Emails are not formal business letters, whatever businesses may want.
>> Original content copyright under the OWL http://owl.apotheon.org
>> Please do not CC me. If I'm posting to a list it is because I am
> John Lind
> john at starfire.MN.ORG
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions