[BUGS] Constant SSH login spam

Jerahmy Pocott quakenet1 at optusnet.com.au
Tue Feb 5 02:58:43 EST 2008


On 04/02/2008, at 10:19 PM, Sunnz wrote:

> 2008/2/4, Sh4d03 <mlists at shadow-security.net>:
>> Jerahmy Pocott wrote:
>> My recommendation would be to simply move it to another port. This is
>> "giving in" to script kiddies as much as installing Anti-Spam measures
>> is "giving in" to Spammers. It's easy to do, and in my opinion a much
>> cleaner option rather than installing 3rd party mechanisms. Why bother
>> your system by making it check invalid login counts when you can simply
>> (and cheaply) drop the traffic if they don't know the port?
>>
>> Worked for me!
>>
>
> It may work for you, but what about people who need to SSH from a
> restrictive firewall where only common ports are open, such that they
> have to use 22?
>
> I would use the following:
>
> http://home.nuug.no/~peter/pf/en/long-firewall.html#BRUTEFORCE
>
> It is a lot simpler to set up than the sourceforge thing to
> detect constant logins and drop the packets.

Just a quick FYI, denyhosts (the sourceforge thing) is also in the
FreeBSD ports collection under ports/security/denyhosts/

What is best to do is really dependent on the situation. For me, I like
the look of denyhosts, since it not only stops the bruteforce attacks
but also alerts you when someone is trying passwords on an existing
account, letting you see real threats in the haystack. But we will see
how it pans out.

Cheers,
J.
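
Added example (not part of the original post, and not DenyHosts' own code): the distinction drawn above, password guesses against an existing account versus guesses at nonexistent users, applied to sshd "Failed password" log lines. The sample log, the user name `alice`, the threshold and the function name `summarize` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Feb  5 02:10:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Feb  5 02:10:03 host sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 40115 ssh2
Feb  5 02:10:05 host sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 40119 ssh2
Feb  5 02:11:40 host sshd[1300]: Failed password for alice from 198.51.100.23 port 51522 ssh2
Feb  5 02:11:44 host sshd[1302]: Failed password for alice from 198.51.100.23 port 51530 ssh2
Feb  5 02:12:10 host sshd[1310]: Accepted password for alice from 192.0.2.10 port 60001 ssh2
"""

# The user field is attacker-controlled and may itself contain " from ".
# The greedy (.*) plus the end anchor makes the LAST " from <addr> port N ssh2"
# the one that is parsed, which is the part sshd wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$"
)

def summarize(log_text, threshold=3):
    """Return (noisy_sources, targeted_accounts).

    noisy_sources: sorted source addresses with >= threshold failed logins
                   (the candidates for blocking).
    targeted_accounts: {existing user: sorted sources that guessed its password}
                   (the failures worth a human look, however few they are).
    """
    per_source = defaultdict(int)
    targeted = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        invalid, user, src = m.groups()
        per_source[src] += 1
        if invalid is None:  # sshd did not say "invalid user": account exists
            targeted[user].add(src)
    noisy = sorted(s for s, n in per_source.items() if n >= threshold)
    return noisy, {u: sorted(s) for u, s in targeted.items()}

if __name__ == "__main__":
    noisy, targeted = summarize(SAMPLE_LOG)
    print("block candidates:", noisy)
    print("existing accounts under attack:", targeted)
```

In the sample, the source guessing at `alice` stays under the blocking threshold but is still reported, which is the "real threats in the haystack" case.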


