Re: Reality check: IPFW sees SSH traffic that sshd does not?

On Wed, Mar 21, 2007 at 09:27:24AM -0400, Bill Moran wrote:
> Not in my opinion. I run a little script I wrote that automatically adds
> failed SSH attempts to a table that blocks them from _everything_ in my
> pf rules. I figure if they're fishing for weak ssh passwords, their next
> likely attack route might be HTTP or SMTP, so why wait. This is on my
> personal server. Here where I work, we're even more strict.

I had a similar setup, but it was quite clunky. Following advice from
this list and others I now firewall port 22 to a few locations (e.g.
work), and also run ssh on a high port.

This doesn't necessarily make things any safer, but has reduced my log
noise drastically.

Regards,

Richard Jones

--
http://www.jonze.com
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
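An added example, not code from either poster: a minimal version of the "add failed SSH attempts to a pf table" script Bill describes, with the pf.conf fragment that restricts port 22 to a few source addresses as Richard does. The table names `sshbrute` and `sshadmins`, the threshold, the port number and the sample log lines are assumptions constructed for the example.

```sh
#!/bin/sh
# Count failed sshd logins per source address and emit the pfctl commands
# that would put repeat offenders into a pf table (table name assumed).
THRESHOLD=3

# Constructed sample of /var/log/auth.log lines, not real data.
SAMPLE_LOG='Mar 21 09:10:01 host sshd[1234]: Failed password for invalid user admin from 198.51.100.7 port 4022 ssh2
Mar 21 09:10:03 host sshd[1234]: Failed password for invalid user admin from 198.51.100.7 port 4023 ssh2
Mar 21 09:10:05 host sshd[1235]: Failed password for root from 198.51.100.7 port 4024 ssh2
Mar 21 09:11:00 host sshd[1240]: Failed password for bob from 203.0.113.9 port 5000 ssh2
Mar 21 09:12:00 host sshd[1241]: Accepted publickey for bob from 203.0.113.9 port 5001 ssh2'

# Print each source address that reached THRESHOLD failed attempts, one per line.
offenders() {
    printf '%s\n' "$SAMPLE_LOG" |
        awk -v t="$THRESHOLD" '/sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++
        }
        END { for (ip in n) if (n[ip] >= t) print ip }'
}

# Emit the pfctl commands that add the offenders to the "sshbrute" table.
# They are printed rather than executed so the result can be reviewed first.
block_commands() {
    offenders | while read -r ip; do
        printf 'pfctl -t sshbrute -T add %s\n' "$ip"
    done
}

# Matching pf.conf fragment (names and addresses assumed):
#   table <sshbrute> persist
#   table <sshadmins> { 192.0.2.10, 192.0.2.11 }   # the "few locations"
#   block in quick from <sshbrute> to any          # blocked from everything
#   pass in on $ext_if proto tcp from <sshadmins> to ($ext_if) port 22
# and in sshd_config, the "high port" (value assumed):
#   Port 22222

block_commands
```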