The facts of life is script kiddies and robots roll through ranges
of
ip address looking for open ssh ports and then mount a attack. There
is
nothing you can do about this except change the port
number ssh uses to some high port number so they do not find you.

Here is document to explain how to do that in detail.

http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.doc
s.software/books/ssh_how-to/cover.html



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of nawcom
Sent: Tuesday, March 28, 2006 2:12 PM
To: freebsd-questions@freebsd.org
Subject: ipfw secure setup for ssh bruteforcers


I have a pretty good setup with ipfw, and theres always dickheads
constantly
trying to get in - mostly through
old microsoft and ssh1/2 exploits with certain usernames and
passwords. I
pretty much add their ip to a protected ban list (after 5 tries)
which bans
them from the entire server.

>From any professionals, what is the most effective technique that i
should
use to take care of these kiddies
other than a complete ban? Is my technique good or is it oversecure?
An
admin said that doing this can be bad, especially when
the kiddy is connected to a large network like a company or
university; I
may block other people who aren't guilty of the act. (which makes
sense)

I use the up do date ssh so any exploits are
either patched up or will be patched when they're discovered, so
holes in
the program shouldn't be in issue.

any replies would be wonderful,
Thanks,
Ben


--
"They that can give up essential liberty to obtain a little
temporary safety
deserve neither liberty nor safety."
--- Benjamin Franklin
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to