Reality check: IPFW sees SSH traffic that sshd does not?
Richard Jones
freebsd-security at jonze.com
Wed Mar 21 14:13:00 UTC 2007
On Wed, Mar 21, 2007 at 09:27:24AM -0400, Bill Moran wrote:
> Not in my opinion. I run a little script I wrote that automatically adds
> failed SSH attempts to a table that blocks them from _everything_ in my
> pf rules. I figure if they're fishing for weak ssh passwords, their next
> likely attack route might be HTTP or SMTP, so why wait. This is on my
> personal server. Here where I work, we're even more strict.
I had a similar set up, but it was quite clunky. Following advise from
this list and others I now firewall port 22 to a few locations (e.g.
work), and also run ssh on a high port.
This doesn't necessarily make things any safer, but has reduced my log
noise drastically.
Regards,
Richard Jones
--
http://www.jonze.com
More information about the freebsd-security
mailing list