Hello John, I would suggest you just block ssh access for everyone.
But, to allow access for yourself, you could install a wonderful utility, 'knock-knock'. It listens on specified ports (they could be closed), and, on receiving a predefined knock-knock (for example, 2 knocks on 9000 tcp port, one knock to 8000 port, one at 27145 tcp port and a final one at 29000 udp port), it dynamically inserts a rule in the pf (in my case, ipfw) ruleset, which allows access for the host which knocks.

http://www.marksanborn.net/linux/add-port-knocking-to-ssh-for-extra-security/

Friday, March 5, 2010, 3:26:04 PM, you wrote:

> On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote:
>> On 03/05/10 06:54, John wrote:
>> > My nightly security logs have thousands upon thousands of ssh probes
>> > in them.  One day, over 6500.  This is enough that I can actually
>> > "feel" it in my network performance.  Other than changing ssh to
>> > a non-standard port - is there a way to deal with these?  Every
>> > day, they originate from several different IP addresses, so I can't
>> > just put in a static firewall rule.  Is there a way to get ssh
>> > to quit responding to a port or a way to generate a dynamic pf
>> > rule in cases like this?

>> Can you not deny all ssh attempts and then allow only from certain,
>> trusted IPs?

> Ah, I should have added that I travel a fair amount, and often
> have to get to my systems via hotel WiFi or Aircard, so it's
> impossible to predict my originating IP address in advance.  If
> that were not the case, this would be an excellent suggestion.

>> --
>> Yours In Christ,
>> PIT
>> Emails are not formal business letters, whatever businesses may want.
>> Original content copyright under the OWL [1]http://owl.apotheon.org
>> Please do not CC me. If I'm posting to a list it is because I am subscribed.

--
Best regards,
Anton   [2]mailto:an...@sng.by
Administrator

Feel free to contact me
via ICQ 363780596
via Skype dobryak47
via phone +375 29 3320987

References

1. http://owl.apotheon.org/
2. mailto:an...@sng.by

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
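
The knock sequence described in the reply above, as an added example that is not part of the original thread: a per-source state machine replayed over constructed packet-log lines, showing which sources would earn a firewall rule. The 15-second timeout, the log format, and the names `KnockTracker`, `replay` and `SAMPLE` are assumptions for illustration, not the behaviour of any particular knocking daemon.

```python
# Knock sequence from the message above, as (port, protocol) in order.
SEQUENCE = [(9000, "tcp"), (9000, "tcp"), (8000, "tcp"),
            (27145, "tcp"), (29000, "udp")]
SEQ_TIMEOUT = 15.0  # assumption: seconds allowed for the whole sequence

class KnockTracker:
    """Per-source state machine over packets that hit closed ports."""
    def __init__(self, sequence=SEQUENCE, timeout=SEQ_TIMEOUT):
        self.sequence, self.timeout = sequence, timeout
        self.progress = {}  # src -> (index of next expected knock, start time)
        self.allowed = []   # sources that completed the sequence

    def observe(self, ts, src, port, proto):
        """Feed one packet; return True when src completes the sequence."""
        idx, started = self.progress.pop(src, (0, ts))
        if ts - started > self.timeout or (port, proto) != self.sequence[idx]:
            idx, started = 0, ts  # too slow or wrong knock: start over
            if (port, proto) != self.sequence[0]:
                return False      # and this packet is not a first knock
        idx += 1
        if idx == len(self.sequence):
            self.allowed.append(src)  # a daemon would add the allow rule here
            return True
        self.progress[src] = (idx, started)
        return False

# Constructed sample: "<seconds> <source> <proto> <port>", documentation addresses.
SAMPLE = """\
0.0 203.0.113.7 tcp 9000
0.4 203.0.113.7 tcp 9000
0.5 198.51.100.9 tcp 22
0.9 203.0.113.7 tcp 8000
1.3 203.0.113.7 tcp 27145
1.8 203.0.113.7 udp 29000
5.0 192.0.2.44 tcp 9000
6.0 192.0.2.44 tcp 9000
7.0 192.0.2.44 tcp 8000
8.0 192.0.2.44 tcp 27145
30.0 192.0.2.44 udp 29000
"""

def replay(log_text):
    tracker = KnockTracker()
    for line in log_text.splitlines():
        ts, src, proto, port = line.split()
        tracker.observe(float(ts), src, int(port), proto)
    return tracker.allowed  # sources that earned access

print(replay(SAMPLE))
```

Only 203.0.113.7 is admitted: the probe to port 22 never starts a sequence, and 192.0.2.44 sends its final knock after the timeout.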