On 1/11/10, David Southwell <da...@vizion2000.net> wrote: >> I'm thinking of denying ssh access to host from which >> I get brute force ssh attacks. >> >> HOwever, I see in /etc/hosts.allow: >> >> # Wrapping sshd(8) is not normally a good idea, but if you >> # need to do it, here's how >> #sshd : .evil.cracker.example.com : deny >> >> Why is it not a good idea? >> >> Also, apparently in older ssh there was DenyHosts option, >> but no longer in the current version. >> Is there a replacement for DenyHOsts? >> Or is there a good reason for such option not to be used? >> >> many thanks >> anton >> > I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also > use blackhole and sshguard > > david
I've been meaning to check this out. My firewall ssh rules are very strict, in fact, if the remote IP is "unknown" meaning, I don't know where the heck it's coming from, it's blocked. It's easier to say it this way: I allow ssh connections from IPs I know, preferably static IPs. Given that there are more than one general blacklists out there that list unwanted behavior, and that we have ports that make use of these lists, I wonder if we can use a list (in this case, for spam) effective for blocking ssh connections. This means: install spamd setup pf (requirement for spamd, it is built by OpenBSD after all) in the pf rules, block *ANYTHING* coming from the blacklisted IPs I don't know how effective it is, but since the spamd blacklist IPs are hosted on what seems to be only one server/server farm, I am also looking for any way I can provide a mirror (even if it's slightly outdated) of this data. --Tim _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"