Daniel O'Connor wrote:
> On Sat, 3 Oct 2009, krad wrote:
>> simplest thing to do is disable password auth, and use key based.
>
> Your logs are still full of crap though.
>
> I find sshguard works well, and I am fairly sure you couldn't spoof a
> valid TCP connection through pf sanitising so it would be difficult
> (nigh-impossible?) for someone to cause you to block a legit IP.
>
> If you can, changing the port sshd runs on is by far the simplest work
> around. Galling as it is to have to change stuff to work around
> malicious assholes..

Believe it or not, I find this pf.conf rule very effective to mitigate
this type of distributed SSH botnet attack:

    block in quick proto tcp from any os "Linux" to any port ssh

Cheers,
-- 
Xin LI <delp...@delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
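
An added example, not part of the original message or the poster's own configuration: the rule above placed in a minimal pf.conf, with an allowlist evaluated first so that known Linux clients are not locked out. The interface name, table name and addresses are assumptions; the addresses are documentation ranges.

```conf
# Assumed external interface; adjust to the host.
ext_if = "em0"

# Hypothetical allowlist of admin hosts that legitimately run Linux.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
table <ssh_trusted> persist { 192.0.2.10, 198.51.100.0/24 }

# Normalise incoming packets (the "pf sanitising" mentioned in the quote).
scrub in on $ext_if all

set skip on lo0
block in all
pass out all keep state

# 1. Trusted sources are matched first; "quick" stops evaluation here,
#    so the OS rule below never sees them.
pass in quick on $ext_if proto tcp from <ssh_trusted> to any port ssh \
    flags S/SA keep state

# 2. The rule from the message, with logging added so that drops show
#    up on pflog0 instead of in the sshd auth log.
#    "os" matching is passive fingerprinting of the initial TCP SYN
#    against /etc/pf.os. A fingerprint can be forged or simply not
#    recognised, so this reduces noise; it does not authenticate anyone.
block in log quick on $ext_if proto tcp from any os "Linux" to any port ssh

# 3. Everything else may still reach sshd. Key-based auth, as suggested
#    earlier in the thread, remains the actual access control.
pass in on $ext_if proto tcp from any to any port ssh flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and keep an existing session open while testing so a mistake in the allowlist does not cut off access.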