On Sun, Mar 7, 2010 at 16:48, Erik Norgaard norga...@locolomo.org wrote:
On 07/03/10 21:41, dacoder wrote:
has anybody suggested having sshd listen on a high port?
Any number will do, think about it:
a. The attacker doesn't really care which host is compromised any will do,
and better
On 08/03/10 18:56, Jason Garrett wrote:
Much better, restrict the client access to certain ranges of IPs. The
different registries publish ip ranges assigned per country and you can
create a list blocking countries you are certain not to visit, you can use
my script:
On Mon, Mar 8, 2010 at 16:11, Erik Norgaard norga...@locolomo.org wrote:
On 08/03/10 18:56, Jason Garrett wrote:
Much better, restrict the client access to certain ranges of IPs. The
different registries publish ip ranges assigned per country and you can
create a list blocking countries you
+++ Erik Norgaard [06/03/10 02:44 +0100]:
On 05/03/10 13:54, John wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my network performance. Other than changing ssh to
a non-standard port
On 07/03/10 21:41, dacoder wrote:
has anybody suggested having sshd listen on a high port?
Any number will do, think about it:
a. The attacker doesn't really care which host is compromised any will
do, and better yet someone's home box as it is more difficult to trace
him. In that case he
On 06/03/2010 06:33:53, Ian Smith wrote:
In freebsd-questions Digest, Vol 300, Issue 10, Message: 6
On Fri, 05 Mar 2010 16:07:29 + Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
On Mar 6, 2010, at 4:36 AM, Matthew Seaman wrote:
Having an IPv6-only high-mx seems to terminally confuse most
spambots...
I understand why IPv6 would confuse them, but don't follow why higher
numbered MXs would be more attractive to them in the first place?
Are they assuming a 'secondary'
On Sat, 6 Mar 2010, Matthew Seaman wrote:
On 06/03/2010 06:33:53, Ian Smith wrote:
In freebsd-questions Digest, Vol 300, Issue 10, Message: 6
On Fri, 05 Mar 2010 16:07:29 + Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
Matthew == Matthew Seaman m.sea...@infracaninophile.co.uk writes:
Matthew On the whole, I don't see the value in having a high-numbered MX to
Matthew dumbly accept, queue and forward messages like this.
High-numbered MX came from a time where an internal machine could
only be delivered from
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my network performance. Other than changing ssh to
a non-standard port - is there a way to deal with these? Every
day, they originate from several
On 03/05/10 06:54, John wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my network performance. Other than changing ssh to
a non-standard port - is there a way to deal with these? Every
On Fri, Mar 5, 2010 at 2:54 PM, John j...@starfire.mn.org wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my network performance. Other than changing ssh to
a non-standard port
John writes:
My nightly security logs have thousands upon thousands of ssh
probes in them. One day, over 6500. This is enough that I can
actually feel it in my network performance. Other than
changing ssh to a non-standard port - is there a way to deal with
these? Every day
On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote:
On 03/05/10 06:54, John wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my network performance. Other than
On 2010-03-05 13:54, John wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my network performance. Other than changing ssh to
a non-standard port - is there a way to deal with these? Every
Friday, March 5, 2010, 3:26:04 PM, you wrote:
On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training
wrote:
On 03/05/10 06:54, John wrote:
My nightly security logs have thousands upon thousands of ssh
probes
in them. One day, over 6500.
On Mar 5, 2010, at 8:26 AM, John wrote:
On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training
wrote:
On 03/05/10 06:54, John wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my
On Fri, Mar 05, 2010 at 10:19:09AM -0500, mikel king wrote:
On Mar 5, 2010, at 8:26 AM, John wrote:
On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training
wrote:
On 03/05/10 06:54, John wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One
Anton == Anton an...@sng.by writes:
Anton But, to allow access for yourself - you could install wonderful
Anton utility = 'knock-knock'.
Port knocking is false security.
It's equivalent to adding precisely two bytes (per knock, which can't
be too close or far apart or numerous) to the
On Fri, Mar 05, 2010 at 07:45:02AM -0800, Randal L. Schwartz wrote:
Anton == Anton an...@sng.by writes:
Anton But, to allow access for yourself - you could install wonderful
Anton utility = 'knock-knock'.
Port knocking is false security.
It's equivalent to adding precisely two
John == John j...@starfire.mn.org writes:
John Yes - that's exactly what I used to do, and exactly why I used to do
John it, but now I'm thinking of actually implementing https.
Rent more than one IP. :) I have a block of 8 for exactly that reason.
It allows me to run sshd on 443 *and* https on
On Mar 5, 2010, at 10:44 AM, John wrote:
On Fri, Mar 05, 2010 at 10:19:09AM -0500, mikel king wrote:
On Mar 5, 2010, at 8:26 AM, John wrote:
Way back about 10 years ago, I was playing around with IPFW a lot. I
wrote a script to update IPFW from changes made to a MySql db. It was
a just for
On 05/03/2010 15:44:39, John wrote:
Maybe I'll have to learn how to do a VPN from FreeBSD
One thought that occurs to me is that pf tables would provide a
direct API without having to hit a database.
I think I really like this. I may have
On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
The spamtrap is a shiny object for spam, and anything that goes there gets
blocked for an hour from hitting the low port. I presented this at a
conference once.
Having an IPv6-only high-mx seems
Matthew == Matthew Seaman m.sea...@infracaninophile.co.uk writes:
Matthew On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
The spamtrap is a shiny object for spam, and anything that goes there gets
blocked for an hour from hitting the low port. I presented this at a
conference once.
On 05/03/2010 16:12:11, Randal L. Schwartz wrote:
Matthew == Matthew Seaman m.sea...@infracaninophile.co.uk writes:
Matthew On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
The spamtrap is a shiny object for spam, and anything that goes there
mikel king wrote:
Way back about 10 years ago, I was playing around with IPFW a lot. I
wrote a script to update IPFW from changes made to a MySql db. It was a
just for fun project, that turned out to be rather useful I have some
developers that I managed who like you were road warriors.
On Fri, Mar 05, 2010 at 04:01:32PM +, Matthew Seaman wrote:
On 05/03/2010 15:44:39, John wrote:
Maybe I'll have to learn how to do a VPN from FreeBSD
One thought that occurs to me is that pf tables would provide a
direct API
Hi,
Am 05.03.10 17:01, schrieb Matthew Seaman:
table <ssh-bruteforce> persist
[...near the top of the rules section...]
block drop in log quick on $ext_if from <ssh-bruteforce>
[...later in the rules section...]
pass in on $ext_if proto tcp \
from any to $ext_if port ssh \
flags
On Fri, Mar 05, 2010 at 05:54:50PM +0100, Matthias Fechner wrote:
Hi,
Am 05.03.10 17:01, schrieb Matthew Seaman:
table <ssh-bruteforce> persist
[...near the top of the rules section...]
block drop in log quick on $ext_if from <ssh-bruteforce>
[...later in the rules section...]
pass in on
On 05/03/2010 16:54:50, Matthias Fechner wrote:
Hi,
Am 05.03.10 17:01, schrieb Matthew Seaman:
table <ssh-bruteforce> persist
[...near the top of the rules section...]
block drop in log quick on $ext_if from <ssh-bruteforce>
[...later in the rules
On Fri, Mar 05, 2010 at 05:04:03PM +, Matthew Seaman wrote:
On 05/03/2010 16:54:50, Matthias Fechner wrote:
Hi,
Am 05.03.10 17:01, schrieb Matthew Seaman:
table <ssh-bruteforce> persist
[...near the top of the rules section...]
Hi,
Am 05.03.2010 18:10, schrieb John:
I have just switched to pf from ipfw, so I am still learning the
nuances and style points.
I switched now to security/sshguard-pf.
It works perfectly and blocks also via pf.
Blocking is working there with:
table <sshguard> persist
block in log quick proto
Thousands of ssh probes
Friday, March 5, 2010 1:54 PM
From:
John j...@starfire.mn.org
To:
freebsd-questions@freebsd.org
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my network performance. Other
Replies interspersed
On 3/5/10, John j...@starfire.mn.org wrote:
On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote:
On 03/05/10 06:54, John wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I
Matthew Seaman wrote:
On 05/03/2010 16:12:11, Randal L. Schwartz wrote:
Matthew == Matthew Seaman m.sea...@infracaninophile.co.uk writes:
Matthew On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
The spamtrap is a shiny object for spam, and
On 05/03/2010 13:26, John wrote:
Ah, I should have added that I travel a fair amount, and often
have to get to my systems via hotel WiFi or Aircard, so it's
impossible to predict my originating IP address in advance. If
that were not the case, this would be an excellent suggestion.
What
Tim == Tim Judd taj...@gmail.com writes:
Tim I've been in that same boat. I eventually came to the decision to:
Tim Install PPTP server software, accepting connections from any IP.
Whoa. Here we are, talking about making it *more* secure, and
you go the other direction
Randal L. Schwartz wrote:
Tim == Tim Judd taj...@gmail.com writes:
Tim I've been in that same boat. I eventually came to the decision to:
Tim Install PPTP server software, accepting connections from any IP.
Whoa. Here we are, talking about making it *more* secure, and
you go the other
On 05/03/10 13:54, John wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my network performance. Other than changing ssh to
a non-standard port - is there a way to deal with these? Every
day
On 3/5/2010 7:44 PM, Erik Norgaard wrote:
On 05/03/10 13:54, John wrote:
My nightly security logs have thousands upon thousands of ssh probes
in them. One day, over 6500. This is enough that I can actually
feel it in my network performance. Other than changing ssh to
a non-standard port
On 3/5/10, Randal L. Schwartz mer...@stonehenge.com wrote:
Tim == Tim Judd taj...@gmail.com writes:
Tim I've been in that same boat. I eventually came to the decision to:
Tim Install PPTP server software, accepting connections from any IP.
Whoa. Here we are, talking about making it
That was just the quick summary. Google for PPTP security and you'll
see a top link from Bruce Schneier who basically says no way to it.
Sent from my iPhone, so blame Steve Jobs for any speeling misteaks.
On Mar 5, 2010, at 9:20 PM, Tim Judd taj...@gmail.com wrote:
..wikipedia? that's
In freebsd-questions Digest, Vol 300, Issue 10, Message: 6
On Fri, 05 Mar 2010 16:07:29 + Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
The spamtrap is a shiny object for spam, and anything that goes there gets
blocked for an
44 matches