Re: avoid logging useless ssh brute force attempts

2008-02-03 Thread johan beisser
On Feb 3, 2008, at 9:12 PM, Ted Unangst wrote: you still don't gain anything. what percentage of your traffic is coming from unallocated space? I'm not disagreeing with you in that it's wasted effort. It is. This is why I personally use overload tables.

Re: avoid logging useless ssh brute force attempts

2008-02-03 Thread Ted Unangst
On 2/2/08, johan beisser [EMAIL PROTECTED] wrote: Not entirely true. Bogons are not supposed to be routed, or routable. It doesn't mean someone can't just throw up a BGP advert for a Bogon range and start using it, or intentionally spoof addresses from the route. you still don't gain

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread elpinguim
On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: 2008/2/1, elpinguim [EMAIL PROTECTED]: Configuring pf to not even respond to unallocated ip space also helps. Search for Bogon filtering. No. This just adds another way for things to go wrong. KISS. :-) Really, what things?

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread Tony Abernethy
elpinguim wrote: On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: 2008/2/1, elpinguim [EMAIL PROTECTED]: Configuring pf to not even respond to unallocated ip space also helps. Search for Bogon filtering. No. This just adds another way for things to go wrong. KISS.

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread Martin Schröder
2008/2/2, elpinguim [EMAIL PROTECTED]: On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: No. This just adds another way for things to go wrong. KISS. :-) Really, what things? Script it, set cron to call it, done. Simple. IP addresses that are bogon today may not be bogon

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread elpinguim
On Sat, Feb 02, 2008 at 05:26:59AM -0600, Tony Abernethy wrote: elpinguim wrote: On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: 2008/2/1, elpinguim [EMAIL PROTECTED]: Configuring pf to not even respond to unallocated ip space also helps. Search for Bogon filtering.

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread elpinguim
On Sat, Feb 02, 2008 at 12:47:54PM +0100, Martin Schröder wrote: 2008/2/2, elpinguim [EMAIL PROTECTED]: On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: No. This just adds another way for things to go wrong. KISS. :-) Really, what things? Script it, set cron to call it,

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread Wijnand Wiersma
I don't think bogons are able to complete the TCP handshake since you don't know how to route back. Filtering those will not make sure there are less log messages about ssh logins Wijnand

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread johan beisser
On Feb 2, 2008, at 6:32 AM, Wijnand Wiersma wrote: I don't think bogons are able to complete the TCP handshake since you don't know how to route back. Filtering those will not make sure there are less log messages about ssh logins Not entirely true. Bogons are not supposed to be routed,

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Richard Toohey
On 1/02/2008, at 8:39 PM, Peter N. M. Hansteen wrote: Chris [EMAIL PROTECTED] writes: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Matt
Chris schreef: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these random attacks in my logs. Any suggestions

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Richard Toohey
On 1/02/2008, at 9:11 PM, Richard Toohey wrote: On 1/02/2008, at 8:39 PM, Peter N. M. Hansteen wrote: Chris [EMAIL PROTECTED] writes: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Olivier Mehani
On Fri, Feb 01, 2008 at 06:11:17PM +1100, Chris wrote: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Dennis Davis
On Fri, 1 Feb 2008, Matt wrote: From: Matt [EMAIL PROTECTED] To: Chris [EMAIL PROTECTED] Cc: OpenBSD Misc misc@openbsd.org Date: Fri, 01 Feb 2008 09:25:02 +0100 Subject: Re: avoid logging useless ssh brute force attempts ... One of the suggestions I have seen on this list is to enable

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Peter N. M. Hansteen
Dennis Davis [EMAIL PROTECTED] writes: /usr/ports/sysutils/expiretable for an easy way to set this up, either as a daemon process or run out of cron. recent versions of pfctl have expire functionality built in, but expiretable still works too -- Peter N. M. Hansteen, member of the first RFC

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread elpinguim
On Fri, Feb 01, 2008 at 06:11:17PM +1100, Chris wrote: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Martin Schröder
2008/2/1, elpinguim [EMAIL PROTECTED]: Configuring pf to not even respond to unallocated ip space also helps. Search for Bogon filtering. No. This just adds another way for things to go wrong. KISS. :-) But I can understand that Penguins think it's a great idea. Best Martin

avoid logging useless ssh brute force attempts

2008-01-31 Thread Chris
my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these random attacks in my logs. Any suggestions would be much

Re: avoid logging useless ssh brute force attempts

2008-01-31 Thread johan beisser
I've simply added in an overload rule to pf on my server. This has helped significantly. On Jan 31, 2008, at 11:11 PM, Chris wrote: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root

Re: avoid logging useless ssh brute force attempts

2008-01-31 Thread Peter N. M. Hansteen
Chris [EMAIL PROTECTED] writes: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these random attacks in my logs.