On 8/9/2010 8:13 PM, Matt Emmerton wrote:

Hi all,
I'm in the middle of dealing with an SSH brute force attack that is
relentless. I'm working on getting sshguard+ipfw in place to deal
with it, but in the meantime, my box is getting pegged because sshd
is accepting some connections which are getting stuck in [accepted]
state and eating CPU.
I know there's not much I can do about the brute force attacks, but
will upgrading openssh avoid these stuck connections?

There is a cracking/DoS technique that tries to exhaust a server's
resources by continually issuing connect requests, in the hope that
when the stack croaks in some way, it'll somehow drop its guard, or
go off air permanently. Have you upset anyone recently?

Not that I know of - unless my wife counts :)

Can you not move your services to non-standard IP ports, moving away
from the standard ports, where all the script kiddies & bots hang
out, or are your clients cast in concrete?

Right now, they are cast in concrete. I want to move many of them to public
keys, so maybe I will change the port at the same time too.

I've got FTP, Web and SSH systems running on two sites, on very
non-standard ports, with next to no one "trying" to get in as a result,
but maintaining full visibility to the clients that need them, and
know where they are! All my standard ports (80, 21, 22 etc) show as
nonexistent to the outside world, except on one site, where the
mail server is continually getting hammered, but the site's ISP say
they can't forward mail to any other port.

I have two servers on the same IP block, and one is getting brute-forced and
the other is not. I guess it's just a matter of time before the botnets
seek it out.

The users have no problems, so long as I correctly specify the port
with the address to them, as in 'address:port' if I send them a link
etc, or an example how to fill in a connection dialog.

I'm seriously going to consider this.
--
Matt
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
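An added example, not part of the original thread: a simplified form of the per-address failure counting that a log-driven blocker applies to sshd output before handing addresses to a firewall. The log lines are constructed samples, and the threshold, window, year and function name are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of sshd syslog output (not from the thread).
SAMPLE_LOG = """\
Aug  9 20:01:02 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug  9 20:01:05 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Aug  9 20:01:09 host sshd[813]: Invalid user test from 203.0.113.7
Aug  9 20:01:11 host sshd[814]: Failed password for root from 203.0.113.7 port 40135 ssh2
Aug  9 20:02:00 host sshd[815]: Accepted publickey for matt from 198.51.100.4 port 51000 ssh2
Aug  9 20:03:00 host sshd[820]: Failed password for matt from 198.51.100.4 port 51010 ssh2
Aug  9 20:40:00 host sshd[830]: Failed password for matt from 198.51.100.4 port 51020 ssh2
Aug  9 20:59:00 host sshd[840]: Failed password for matt from 198.51.100.4 port 51030 ssh2
"""

# Timestamp, then a failed-password or invalid-user message, then the source IPv4 address.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})\b"
)

def offenders(log_text, threshold=4, window=timedelta(minutes=10), year=2010):
    """Return source IPs with >= threshold failures inside any sliding window."""
    recent = defaultdict(deque)    # ip -> failure timestamps still inside the window
    flagged = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue               # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so the caller supplies one (assumption)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= threshold and m.group(2) not in flagged:
            flagged.append(m.group(2))
    return flagged

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(ip)
```

The legitimate user who mistypes a password three times over an hour stays below the threshold because old failures age out of the window, while the address making four attempts in ten seconds is flagged.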