Re: Thousands of ssh probes

2010-03-08 Thread Jason Garrett
On Mon, Mar 8, 2010 at 16:11, Erik Norgaard wrote: > On 08/03/10 18:56, Jason Garrett wrote: > > Much better, restrict the client access to certain ranges of IPs. The >>> different registries publish ip ranges assigned per country and you can >>> create a list blocking countries you are certain

Re: Thousands of ssh probes

2010-03-08 Thread Erik Norgaard
On 08/03/10 18:56, Jason Garrett wrote: Much better, restrict the client access to certain ranges of IPs. The different registries publish ip ranges assigned per country and you can create a list blocking countries you are certain not to visit, you can use my script: http://www.locolomo.org/

Re: Thousands of ssh probes

2010-03-08 Thread Jason Garrett
On Sun, Mar 7, 2010 at 16:48, Erik Norgaard wrote: > On 07/03/10 21:41, dacoder wrote: > > has anybody suggested having sshd listen on a high port? >> > > Any number will do, think about it: > > a. The attacker doesn't really care which host is compromised any will do, > and better yet someone's

Re: Thousands of ssh probes

2010-03-07 Thread Erik Norgaard
On 07/03/10 21:41, dacoder wrote: has anybody suggested having sshd listen on a high port? Any number will do, think about it: a. The attacker doesn't really care which host is compromised any will do, and better yet someone's home box as it is more difficult to trace him. In that case he wi

Re: Thousands of ssh probes

2010-03-07 Thread dacoder
+++ Erik Norgaard [06/03/10 02:44 +0100]: On 05/03/10 13:54, John wrote: My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually "feel" it in my network performance. Other than changing ssh to a non-standard port - i

Re: Thousands of ssh probes

2010-03-06 Thread Randal L. Schwartz
> "Matthew" == Matthew Seaman writes: Matthew> On the whole, I don't see the value in having a high-numbered MX to Matthew> dumbly accept, queue and forward messages like this. High-numbered MX came from a time where an internal machine could only be delivered from outside via an external ga

Re: Thousands of ssh probes

2010-03-06 Thread Ian Smith
On Sat, 6 Mar 2010, Matthew Seaman wrote: > On 06/03/2010 06:33:53, Ian Smith wrote: > > In freebsd-questions Digest, Vol 300, Issue 10, Message: 6 > > On Fri, 05 Mar 2010 16:07:29 + Matthew Seaman > > wrote: > > > On 05/03/2010 15:51:52, Randal L. Schwartz wrote: > > > > The spamtrap

Re: Thousands of ssh probes

2010-03-06 Thread Chuck Swiger
On Mar 6, 2010, at 4:36 AM, Matthew Seaman wrote: Having an IPv6-only high-mx seems to terminally confuse most spambots... I understand why IPv6 would confuse them, but don't follow why higher numbered MXs would be more attractive to them in the first place? Are they assuming a 'secondary' MX

Re: Thousands of ssh probes

2010-03-06 Thread Matthew Seaman
On 06/03/2010 06:33:53, Ian Smith wrote: > In freebsd-questions Digest, Vol 300, Issue 10, Message: 6 > On Fri, 05 Mar 2010 16:07:29 + Matthew Seaman > wrote: > > On 05/03/2010 15:51:52, Randal L. Schwartz wrote: > > > The spamtrap is a shiny o

Re: Thousands of ssh probes

2010-03-05 Thread Ian Smith
In freebsd-questions Digest, Vol 300, Issue 10, Message: 6 On Fri, 05 Mar 2010 16:07:29 + Matthew Seaman wrote: > On 05/03/2010 15:51:52, Randal L. Schwartz wrote: > > The spamtrap is a shiny object for spam, and anything that goes there gets > > blocked for an hour from hitting the low po

Re: Thousands of ssh probes

2010-03-05 Thread Randal L. Schwartz
That was just the quick summary. Google for "PPTP security" and you'll see a top link from Bruce Schneier who basically says no way to it. Sent from my iPhone, so blame Steve Jobs for any speeling misteaks. On Mar 5, 2010, at 9:20 PM, Tim Judd wrote: ..wikipedia? that's informative and use

Re: Thousands of ssh probes

2010-03-05 Thread Tim Judd
On 3/5/10, Randal L. Schwartz wrote: >> "Tim" == Tim Judd writes: > > Tim> I've been in that same boat. I eventually came to the decision to: > Tim> Install PPTP server software, accepting connections from any IP. > > Whoa. Here we are, talking about making it *more* secure, and > you go

Re: Thousands of ssh probes

2010-03-05 Thread Tim Daneliuk
On 3/5/2010 7:44 PM, Erik Norgaard wrote: > On 05/03/10 13:54, John wrote: >> My nightly security logs have thousands upon thousands of ssh probes >> in them. One day, over 6500. This is enough that I can actually >> "feel" it in my network performance. Other than changing ssh to >> a non-standa

Re: Thousands of ssh probes

2010-03-05 Thread Erik Norgaard
On 05/03/10 13:54, John wrote: My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually "feel" it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every da

Re: Thousands of ssh probes

2010-03-05 Thread Jon Radel
Randal L. Schwartz wrote: "Tim" == Tim Judd writes: Tim> I've been in that same boat. I eventually came to the decision to: Tim> Install PPTP server software, accepting connections from any IP. Whoa. Here we are, talking about making it *more* secure, and you go the other direction

Re: Thousands of ssh probes

2010-03-05 Thread Randal L. Schwartz
> "Tim" == Tim Judd writes: Tim> I've been in that same boat. I eventually came to the decision to: Tim> Install PPTP server software, accepting connections from any IP. Whoa. Here we are, talking about making it *more* secure, and you go the other direction http://en.wikipedia.org

Re: Thousands of ssh probes

2010-03-05 Thread Mike Woods
On 05/03/2010 13:26, John wrote: Ah, I should have added that I travel a fair amount, and often have to get to my systems via hotel WiFi or Aircard, so it's impossible to predict my originating IP address in advance. If that were not the case, this would be an excellent suggestion. What about

Re: Thousands of ssh probes

2010-03-05 Thread Kevin Kinsey
Matthew Seaman wrote: On 05/03/2010 16:12:11, Randal L. Schwartz wrote: "Matthew" == Matthew Seaman writes: Matthew> On 05/03/2010 15:51:52, Randal L. Schwartz wrote: The spamtrap is a shiny object for spam, and anything that goes there gets bloc

Re: Thousands of ssh probes

2010-03-05 Thread Tim Judd
Replies interspersed On 3/5/10, John wrote: > On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote: >> On 03/05/10 06:54, John wrote: >> > My nightly security logs have thousands upon thousands of ssh probes >> > in them. One day, over 6500. This is enough that I can actually

Re: Thousands of ssh probes

2010-03-05 Thread Dino Vliet
Thousands of ssh probes Friday, March 5, 2010 1:54 PM From: "John" To: freebsd-questions@freebsd.org My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually "feel" it in my network performance. Other than changing ss

Re: Thousands of ssh probes

2010-03-05 Thread Matthias Fechner
Hi, On 05.03.2010 18:10, John wrote: > I have just switched to pf from ipfw, so I am still learning the > nuances and style points. I switched now to security/sshguard-pf. It works perfectly and blocks also via pf. Blocking is working there with: table persist block in log quick proto tcp fro

Re: Thousands of ssh probes

2010-03-05 Thread John
On Fri, Mar 05, 2010 at 05:04:03PM +, Matthew Seaman wrote: > On 05/03/2010 16:54:50, Matthias Fechner wrote: > > Hi, > > > > On 05.03.10 17:01, Matthew Seaman wrote: > >> table persist > >> [...near the top of the rules section...] > >>

Re: Thousands of ssh probes

2010-03-05 Thread Matthew Seaman
On 05/03/2010 16:54:50, Matthias Fechner wrote: > Hi, > > On 05.03.10 17:01, Matthew Seaman wrote: >> table persist >> [...near the top of the rules section...] >> block drop in log quick on $ext_if from >> >> [...later in the rules section...] >>

Re: Thousands of ssh probes

2010-03-05 Thread John
On Fri, Mar 05, 2010 at 05:54:50PM +0100, Matthias Fechner wrote: > Hi, > > On 05.03.10 17:01, Matthew Seaman wrote: > >table persist > >[...near the top of the rules section...] > >block drop in log quick on $ext_if from > > > >[...later in the rules section...] > >pass in on $ext_if proto tcp

Re: Thousands of ssh probes

2010-03-05 Thread Matthias Fechner
Hi, On 05.03.10 17:01, Matthew Seaman wrote: table persist [...near the top of the rules section...] block drop in log quick on $ext_if from [...later in the rules section...] pass in on $ext_if proto tcp \ from any to $ext_if port ssh \ flags S/SA keep state\

Re: Thousands of ssh probes

2010-03-05 Thread Kevin Kinsey
mikel king wrote: Way back about 10 years ago, I was playing around with IPFW a lot. I wrote a script to update IPFW from changes made to a MySQL db. It was a just-for-fun project that turned out to be rather useful. I have some developers that I managed who, like you, were road warriors. They

Re: Thousands of ssh probes

2010-03-05 Thread Matthew Seaman
On 05/03/2010 16:12:11, Randal L. Schwartz wrote: >> "Matthew" == Matthew Seaman writes: > > Matthew> On 05/03/2010 15:51:52, Randal L. Schwartz wrote: >>> The spamtrap is a shiny object for spam, and anything that goes there gets >>> blocked for

Re: Thousands of ssh probes

2010-03-05 Thread Randal L. Schwartz
> "Matthew" == Matthew Seaman writes: Matthew> On 05/03/2010 15:51:52, Randal L. Schwartz wrote: >> The spamtrap is a shiny object for spam, and anything that goes there gets >> blocked for an hour from hitting the low port. I presented this at a >> conference once. Matthew> Having an IPv6-

Re: Thousands of ssh probes

2010-03-05 Thread Matthew Seaman
On 05/03/2010 15:51:52, Randal L. Schwartz wrote: > The spamtrap is a shiny object for spam, and anything that goes there gets > blocked for an hour from hitting the low port. I presented this at a > conference once. Having an IPv6-only high-mx seems

Re: Thousands of ssh probes

2010-03-05 Thread Matthew Seaman
On 05/03/2010 15:44:39, John wrote: > Maybe I'll have to learn how to do a VPN from FreeBSD > > One thought that occurs to me is that pf tables would provide a > direct API without having to hit a database. > > I think I really like this. I may

Re: Thousands of ssh probes

2010-03-05 Thread mikel king
On Mar 5, 2010, at 10:44 AM, John wrote: On Fri, Mar 05, 2010 at 10:19:09AM -0500, mikel king wrote: On Mar 5, 2010, at 8:26 AM, John wrote: Way back about 10 years ago, I was playing around with IPFW a lot. I wrote a script to update IPFW from changes made to a MySQL db. It was a just for f

Re: Thousands of ssh probes

2010-03-05 Thread Randal L. Schwartz
> "John" == John writes: John> Yes - that's exactly what I used to do, and exactly why I used to do John> it, but now I'm thinking of actually implement https. Rent more than one IP. :) I have a block of 8 for exactly that reason. It allows me to run sshd on 443 *and* https on a different

Re: Thousands of ssh probes

2010-03-05 Thread John
On Fri, Mar 05, 2010 at 07:45:02AM -0800, Randal L. Schwartz wrote: > > "Anton" == Anton writes: > > Anton>But, to allow access for yourself - you could install wonderful > Anton>utility = 'knock-knock'. > > Port knocking is false security. > > It's equivalent to adding precisely t

Re: Thousands of ssh probes

2010-03-05 Thread Randal L. Schwartz
> "Anton" == Anton writes: Anton>But, to allow acces for yourself - you could install wonderfull Anton>utility = 'knock-knock'. Port knocking is false security. It's equivalent to adding precisely two bytes (per knock, which can't be too close or far apart or numerous) to the key l

Re: Thousands of ssh probes

2010-03-05 Thread John
On Fri, Mar 05, 2010 at 10:19:09AM -0500, mikel king wrote: > > On Mar 5, 2010, at 8:26 AM, John wrote: > > >On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training > >wrote: > >>On 03/05/10 06:54, John wrote: > >>>My nightly security logs have thousands upon thousands of ssh probes >

Re: Thousands of ssh probes

2010-03-05 Thread mikel king
On Mar 5, 2010, at 8:26 AM, John wrote: On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote: On 03/05/10 06:54, John wrote: My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually "feel" it in m

Re: Thousands of ssh probes

2010-03-05 Thread Leslie Jensen
On 2010-03-05 13:54, John wrote: My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually "feel" it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Ever

Re: Thousands of ssh probes

2010-03-05 Thread John
On Fri, Mar 05, 2010 at 07:03:53AM -0600, Programmer In Training wrote: > On 03/05/10 06:54, John wrote: > > My nightly security logs have thousands upon thousands of ssh probes > > in them. One day, over 6500. This is enough that I can actually > > "feel" it in my network performance. Other tha

Re: Thousands of ssh probes

2010-03-05 Thread Eitan Adler
On Fri, Mar 5, 2010 at 2:54 PM, John wrote: > My nightly security logs have thousands upon thousands of ssh probes > in them. One day, over 6500. This is enough that I can actually > "feel" it in my network performance. Other than changing ssh to > a non-standard port - is there a way to deal w

Re: Thousands of ssh probes

2010-03-05 Thread Programmer In Training
On 03/05/10 06:54, John wrote: > My nightly security logs have thousands upon thousands of ssh probes > in them. One day, over 6500. This is enough that I can actually > "feel" it in my network performance. Other than changing ssh to > a non-standard port - is there a way to deal with these? Ev