Re: Attacks on ssh port

From: Willem Jan Withagen (wjw_at_withagen.nl)
Date: 09/18/04

    Date: Sat, 18 Sep 2004 23:44:54 +0200
    To: "David D.W. Downey" <david.downey@gmail.com>
    
    

    David D.W. Downey wrote:

    >On Sat, 18 Sep 2004 14:18:32 +0200, Willem Jan Withagen <wjw@withagen.nl> wrote:
    >
    >
    >>Hi,
    >>
    >>Is there a security problem with ssh that I've missed???
    >>I keep getting these hordes of:
    >> Failed password for root from 69.242.5.195 port 39239 ssh2
    >>with all kinds of different source addresses.
    >>
    >>They have a shot or 15 and then they are off again, but a little later on
    >>they're back and keep clogging my logs.
    >>Is there an "easy" way of getting these ip-numbers added to the
    >>blocking-list of ipfw??
    >>
    >>Thanx,
    >>--WjW
    >>
    >>
    >
    >well you want to see those. So long as you have
    >
    >PermitRootLogin no
    >
    >in your /etc/ssh/sshd_config, they won't be able to get in since ssh
    >is then denied for root (except via a valid ssh key which you can
    >further lock down by adding
    >
    >from="ip.addr, forward.dns.record.of.host"
    >
    >to the beginning of your ssh-dsa or ssh-rsa key line in ~/.ssh/authorized_keys)
    >
    >
    >
    It is not about all this. I know these, and I use them if appropriate.
    (Come to think of it, I was one of the first externals to test Wietse
    Venema's TCP-wrapper.)

    Once I have identified the nature and quality of this type of problem,
    I want to deal with it in such a way that it is no longer a bother. And
    in this particular case these records are clogging my login error
    records. And because of that I just might miss out on the one or two
    that do matter. You might want to call it noise-reduction, and I'm
    looking for as large a Signal/Noise ratio as possible.
    So that is why I would like to be able to throw root/ssh login attempts
    directly in the garbage and kill the host where these are coming from
    with a record in my firewall.

    --WjW

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
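
One way to do what the message asks for, as an added example that is not part of the original thread: count `Failed password for root` lines per source address and emit ipfw table entries for the repeat offenders. The syslog prefix, the threshold, the allowlist, table number 1 and the existence of a rule such as `deny ip from table(1) to any` in the ruleset are all assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches only the message quoted in the post. Anchored to the end of the line
# so that only the trailing "from ADDR port N ssh2" is read as the source.
FAILED_ROOT = re.compile(
    r"sshd\[\d+\]: Failed password for root from (\S+) port \d+ ssh2$")

# Constructed sample: only the first address and message format come from the post.
SAMPLE_LOG = """\
Sep 18 14:01:02 host sshd[411]: Failed password for root from 69.242.5.195 port 39239 ssh2
Sep 18 14:01:05 host sshd[412]: Failed password for root from 69.242.5.195 port 39240 ssh2
Sep 18 14:01:09 host sshd[413]: Failed password for root from 69.242.5.195 port 39241 ssh2
Sep 18 14:02:00 host sshd[420]: Failed password for root from 198.51.100.7 port 50100 ssh2
Sep 18 14:02:03 host sshd[421]: Failed password for root from 198.51.100.7 port 50101 ssh2
Sep 18 14:02:06 host sshd[422]: Failed password for root from 198.51.100.7 port 50102 ssh2
Sep 18 14:03:00 host sshd[430]: Failed password for root from 192.0.2.10 port 40001 ssh2
Sep 18 14:04:00 host sshd[431]: Failed password for illegal user admin from 203.0.113.9 port 4 ssh2
"""

def offenders(log_text, threshold=5, allow=()):
    """Return sorted source addresses with >= threshold failed root logins."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED_ROOT.search(line)
        if not m:
            continue  # not a failed root login; leave it in the log
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal address, so never pass it to ipfw
        if any(addr in net for net in allowed):
            continue  # never block our own admin hosts
        hits[addr] += 1
    return sorted(str(a) for a, n in hits.items() if n >= threshold)

def ipfw_commands(addrs, table=1):
    """Build argv lists that add each address to an ipfw table (assumed table 1)."""
    return [["ipfw", "-q", "table", str(table), "add", a] for a in addrs]

if __name__ == "__main__":
    for cmd in ipfw_commands(offenders(SAMPLE_LOG, 3, ["198.51.100.0/24"])):
        print(" ".join(cmd))
```

The commands are returned as argv lists rather than executed, so they can be reviewed first and then run without a shell.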

