David Rawling wrote:
> On 2/01/2010 2:07 AM, J.D. Bronson wrote:
>> Few options I can think of in random order... I use #1:
>>
>> 1. Run SSH on an obscure port. Seriously, that's one of the easiest
>> things to do. Since I have done that, I have had ZERO attempts and it
>> works perfectly as long as users know the odd port. In fact, I don't
>> know anyone in our IT circle of friends that runs SSH on port 22.
>>
>> 2. Consider controlling/limiting access via 'pf' if you're running 'pf'.
>>
>> Of course with your examples coming from all different IPs, that's not
>> likely gonna help much.
>>
>> 3. Just ignore it - they aren't getting in... similar to spammers
>> being rejected by RBLs... it's traffic, but can't be a whole lot.
>>
>> 4. Limit login time window too... I run a very narrow window of time
>> to login and a LOW number of attempted logins per session.
>
> Darn.
>
> 1 is out because 22 is the one port that most organisations (including
> mine) allow out of their networks for administering routers.
>
> 2 is unfortunately not an option (as a consultant I do work from many
> networks)
>
> 4 - again I might have to log in any time ...
>
> 3 seems the best approach.
>
> Thanks for your thoughts, it's good to get second opinions.

A final option is something like port knocking (http://www.portknocking.org/):
basically a daemon that checks if a specific packet/sequence has been blocked
by the firewall and opens a port if the conditions are met. I haven't actually
tried it and it sounds a bit fiddly to be honest, but it should work, and
there's security/knock in ports if you want to try it.

Vince

> Dave.
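Options 3 and 4 above amount to "watch the noise and cap the attempts". Added here as an illustration (not code from anyone in this thread): a small Python script that reads FreeBSD-style sshd lines from /var/log/auth.log, counts failed logins per source address in a sliding time window, and emits the `pfctl -t <table> -T add` commands that would feed a pf table. The log lines, the table name `bruteforce` and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Failure line as FreeBSD's sshd logs it via syslog (assumed format; IPv4 only here).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse_ts(text, year=2010):
    # syslog timestamps carry no year; the caller supplies it.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def brute_force_sources(lines, limit=5, window_s=600):
    """Return {ip: time_first_exceeded} for sources with more than `limit`
    failed logins inside any `window_s`-second sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue              # successful logins and other noise are ignored
        ip, ts = m["ip"], parse_ts(m["ts"])
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop failures that fell out of the window
        if len(q) > limit and ip not in flagged:
            flagged[ip] = ts
    return flagged

def pfctl_commands(flagged, table="bruteforce"):
    # Commands to add each offender to a pf table that a block rule references.
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(flagged)]

# Constructed sample: one dictionary attack plus a single typo from a real user.
SAMPLE_LOG = """\
Jan  2 14:07:01 gw sshd[1212]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Jan  2 14:07:03 gw sshd[1213]: Failed password for invalid user oracle from 203.0.113.5 port 41023 ssh2
Jan  2 14:07:05 gw sshd[1214]: Failed password for root from 203.0.113.5 port 41024 ssh2
Jan  2 14:07:08 gw sshd[1215]: Failed password for invalid user test from 203.0.113.5 port 41025 ssh2
Jan  2 14:07:10 gw sshd[1216]: Failed password for invalid user guest from 203.0.113.5 port 41026 ssh2
Jan  2 14:07:12 gw sshd[1217]: Failed password for root from 203.0.113.5 port 41027 ssh2
Jan  2 14:09:00 gw sshd[1230]: Failed password for dave from 198.51.100.7 port 50112 ssh2
Jan  2 14:09:20 gw sshd[1231]: Accepted publickey for dave from 198.51.100.7 port 50113 ssh2
"""

if __name__ == "__main__":
    for cmd in pfctl_commands(brute_force_sources(SAMPLE_LOG.splitlines())):
        print(cmd)
```

Running it on the sample prints one `pfctl` line for 203.0.113.5 and nothing for the user who mistyped a password once.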
