change your ssh port to like 30222 or something ..
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of A
> Sent: December 17, 2004 12:12 AM
> To: [EMAIL PROTECTED]
> Subject: pf port knocking
>
> Hey all
>
> I am getting tired of seeing the following popping up every day (with
> various IPs) on my log server.
>
> * ROOT FAILURES
>   jasper ssh2(pw) @221.143.156.58(3)
> * User Failures
>   admin ssh2(pw) jasper(2)
>   andrew ssh2(pw) jasper(1)
>   angel ssh2(pw) jasper(1)
>   barbara ssh2(pw) jasper(1)
>   ben ssh2(pw) jasper(1)
>   betty ssh2(pw) jasper(1)
>   billy ssh2(pw) jasper(1)
>   black ssh2(pw) jasper(1)
>   blue ssh2(pw) jasper(1)
>   brandon ssh2(pw) jasper(1)
>   brian ssh2(pw) jasper(1)
>   buddy ssh2(pw) jasper(1)
>   carmen ssh2(pw) jasper(1)
>   charlie ssh2(pw) jasper(1)
>   daniel ssh2(pw) jasper(1)
>   david ssh2(pw) jasper(1)
>   dog ssh2(pw) jasper(1)
>   emily ssh2(pw) jasper(1)
>   eric ssh2(pw) jasper(1)
>   god ssh2(pw) jasper(1)
>   green ssh2(pw) jasper(1)
>   guest ssh2(pw) jasper(1)
>   henry ssh2(pw) jasper(1)
>   jane ssh2(pw) jasper(1)
>   jason ssh2(pw) jasper(1)
>   jeremy ssh2(pw) jasper(1)
>   joe ssh2(pw) jasper(1)
>   johnny ssh2(pw) jasper(1)
>   jordan ssh2(pw) jasper(1)
>   justin ssh2(pw) jasper(1)
>   larisa ssh2(pw) jasper(1)
>   lion ssh2(pw) jasper(1)
>   lp ssh2(pw) jasper(1)
>   lucy ssh2(pw) jasper(1)
>   magic ssh2(pw) jasper(1)
>   mail ssh2(pw) jasper(1)
>   maria ssh2(pw) jasper(1)
>   market ssh2(pw) jasper(1)
>   matthew ssh2(pw) jasper(1)
>   max ssh2(pw) jasper(1)
>   michael ssh2(pw) jasper(1)
>   nathan ssh2(pw) jasper(1)
>   nicholas ssh2(pw) jasper(1)
>   nicole ssh2(pw) jasper(1)
>   operator ssh2(pw) jasper(1)
>   pub ssh2(pw) jasper(1)
>   red ssh2(pw) jasper(1)
>   robin ssh2(pw) jasper(1)
>   rose ssh2(pw) jasper(1)
>   shell ssh2(pw) jasper(1)
>   stephen ssh2(pw) jasper(1)
>   steven ssh2(pw) jasper(1)
>   system ssh2(pw) jasper(1)
>   test ssh2(pw) jasper(2)
>   tom ssh2(pw) jasper(1)
>   user ssh2(pw) jasper(1)
>   vampire ssh2(pw) jasper(1)
>   william ssh2(pw) jasper(1)
>   yellow ssh2(pw) jasper(1)
>
> Just script kiddies most probably. Plus, we use public/private keys on
> "jasper" so it's not like people are going to get in that way. However,
> having the port wide open does give the possibility that a bug in the
> SSH daemon (if one pops up) could open the door for a hacker to get in.
>
> Further, "jasper" is the only machine that is externally accessible via
> SSH (the only other open ports are domain, web and mail on other
> servers). I need to leave SSH open as a number of people work remotely
> and tunnel through it to some of the services on the internal network.
>
> Additionally, we are about to set up a system to run a VPN between our
> office and some contractors. I would like that box's IP to appear
> offline/completely closed (until required) as well.
>
> To sum up, apart from web, mail and domain (to specific servers), I
> would much prefer that every port appear closed. To achieve this, I
> would like to implement port knocking on the gateway firewall (runs
> OBSD 3.4 and pf). For those unfamiliar with the technique, it is like
> knocking a certain pattern/code on a door to open it. Here, you fire
> connections at a server on designated ports to instruct the firewall to
> open a port. So, if the firewall detects a connection on ports 14289,
> 32883, 1234 and 3428 (in that order), port 22 is opened for the
> relevant IP address.
>
> Has anyone heard of anyone working on a portknocking daemon for
> OBSD/pf? There are a couple of basic setups over at
> www.portknocking.org but thought I would check here before attempting a
> port.
>
> If no work has begun, I think I will take the Perl prototype script
> they have at portknocking.org and see what I can do for pf. I would
> imagine I will have to set up anchors in pf which I haven't done yet but
> am sure I will get my head around it. Any pointers would be
> appreciated! :)
>
> I will also need to write a Windows util to do the knocking for the
> contractors - can Perl run on a Windows machine or will I have to dust
> off my C compiler? :)
>
> Andrew
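The knock-sequence logic Andrew describes (hits on 14289, 32883, 1234, 3428 in that order open port 22 for the knocking source), as an added example that is not part of either message and not the portknocking.org prototype. It assumes the knocks arrive as one constructed `epoch src_ip dst_port` line per inbound SYN (fed from pflog by a reader that is not shown), a pf table named `<knocked>` referenced by an assumed rule of the form `pass in quick on $ext_if proto tcp from <knocked> to $ext_if port 22 flags S/SA keep state`, and it collects the `pfctl -t knocked -T add/delete` commands instead of running them so the state machine can be checked offline. The timeout and open-window values are assumptions, not taken from the post.

```python
"""Port-knock tracker for a pf gateway (added example, not the original
poster's code or portknocking.org's).

Assumed, not from the post: knocks arrive as 'epoch_seconds src_ip dst_port'
lines; a pf table <knocked> exists, used by a rule like
    table <knocked> persist
    pass in quick on $ext_if proto tcp from <knocked> to $ext_if port 22 \
        flags S/SA keep state
pfctl is not executed here; its argv is collected for inspection.
"""
from dataclasses import dataclass

KNOCK_SEQUENCE = (14289, 32883, 1234, 3428)   # order given in the post
KNOCK_TIMEOUT = 10.0    # max seconds between consecutive knocks (assumed)
OPEN_WINDOW = 30.0      # seconds a source stays in the table (assumed)


@dataclass
class _Progress:
    stage: int = 0          # knocks of the sequence matched so far
    last_seen: float = 0.0  # time of the last matching knock


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE, timeout=KNOCK_TIMEOUT,
                 open_window=OPEN_WINDOW, table="knocked"):
        self.sequence = tuple(sequence)
        self.timeout = timeout
        self.open_window = open_window
        self.table = table
        self.progress = {}      # src_ip -> _Progress
        self.opened_at = {}     # src_ip -> time its table entry was added
        self.commands = []      # pfctl argv lists we would run

    def observe(self, src_ip, dst_port, now):
        """Feed one inbound SYN; True when src_ip just completed the sequence."""
        p = self.progress.setdefault(src_ip, _Progress())
        if p.stage and now - p.last_seen > self.timeout:
            p.stage = 0                   # too slow between knocks: start over
        if dst_port == self.sequence[p.stage]:
            p.stage += 1                  # next knock, in order
            p.last_seen = now
        elif dst_port == self.sequence[0]:
            p.stage = 1                   # out of order, but it is the first knock: restart
            p.last_seen = now
        else:
            p.stage = 0                   # any stray port (a scanner sweep, say) resets
        if p.stage < len(self.sequence):
            return False
        del self.progress[src_ip]
        self.opened_at[src_ip] = now
        self.commands.append(["pfctl", "-t", self.table, "-T", "add", src_ip])
        return True

    def expire(self, now):
        """Drop sources whose open window has elapsed; returns the removed IPs."""
        gone = [ip for ip, t in self.opened_at.items() if now - t > self.open_window]
        for ip in gone:
            del self.opened_at[ip]
            self.commands.append(["pfctl", "-t", self.table, "-T", "delete", ip])
        return gone


def replay(lines, daemon=None):
    """Run 'epoch src_ip dst_port' lines through a daemon.
    Returns (IPs opened, in order; the daemon)."""
    daemon = daemon or KnockDaemon()
    opened = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, port = line.split()
        if daemon.observe(ip, int(port), float(ts)):
            opened.append(ip)
    return opened, daemon


# Constructed sample traffic (not real logs): one correct knocker, one scanner
# that also sweeps port 22 mid-sequence, and one source that knocks too slowly.
SAMPLE_LOG = """\
# epoch-seconds  source-ip     destination-port
1103259600.0 203.0.113.7 14289
1103259601.0 203.0.113.7 32883
1103259602.0 203.0.113.7 1234
1103259603.0 203.0.113.7 3428
1103259605.0 198.51.100.9 14289
1103259605.5 198.51.100.9 32883
1103259606.0 198.51.100.9 22
1103259606.5 198.51.100.9 1234
1103259607.0 198.51.100.9 3428
1103259700.0 192.0.2.44 14289
1103259701.0 192.0.2.44 32883
1103259730.0 192.0.2.44 1234
1103259731.0 192.0.2.44 3428
"""

if __name__ == "__main__":
    opened, d = replay(SAMPLE_LOG.splitlines())
    print("opened:", opened)                       # only 203.0.113.7
    print("expired:", d.expire(1103259640.0))      # window passed for 203.0.113.7
    for argv in d.commands:
        print(" ".join(argv))
```

Two points worth knowing before wiring this to pfctl: because the SSH rule keeps state, removing the table entry after a short window does not cut an established session, so the hole only needs to stay open long enough for the first SYN. And a fixed knock sequence sent in the clear can be replayed by anyone who can sniff it, so it hides the port from casual scanners but is not a substitute for the key-only authentication already in place on "jasper".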