[20060107]
Fighting ssh password guessing attempts (Update #2)
If you've looked in your /var/log/authlog recently, it's likely that
you've seen something like:
Dec 11 09:21:50 xxx sshd[15335]: Failed password for root from 220.[...]
Dec 11 09:21:53 xxx sshd[2720]: Failed password for root from 220.13[...]
Dec 11 09:21:56 xxx sshd[7260]: Failed password for root from 220.13[...]
Dec 11 09:22:28 xxx sshd[1762]: Illegal user enterprise from 220.135[...]
Dec 11 09:22:31 xxx sshd[20415]: Illegal user release from 220.135.88.151
Dec 11 09:22:34 xxx sshd[2405]: Illegal user release from 220.135.88.151
Dec 11 09:22:37 xxx sshd[27329]: Illegal user release from 220.135.88.151
Dec 11 09:22:40 xxx sshd[22310]: Illegal user release from 220.135.88.151
While I know that NetBSD will withstand those annoying attempts as long
as accounts are protected by good passwords (or even better, SSH keys),
I sometimes wish to lock out people doing those attempts.
And there's help, in the form of a blog article
(found via the #NetBSD Community Blog)
describing
how to use pop-before-smtp and IPfilter
to firewall those people into eternity. (As far as I understand,
the pop-before-smtp thing is mostly used to emulate 'tail -f',
so I dare say the meat of that article could be rewritten to only
use tools that come with NetBSD. Any takers? Send URL! :)
Update:
Ian Spray has taken the challenge and made a version
that only uses tools that come with NetBSD.
See his blog entry!
Update #2:
Geert also brought
this variant
to my attention, which covers IPFilter, PF and IPFW
(for FreeBSD, obviously). He found it in
the BSDWiki.
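The log-to-firewall idea described above, as an added example using only sh, awk and sort (it is not the code from the linked articles or from Ian Spray's version). The function names, the threshold, the allow list and the sample log lines are assumptions made for illustration; "Invalid user" is matched as well because newer OpenSSH releases log that wording.

```shell
#!/bin/sh
# Added example: turn repeated ssh login failures in authlog-style input
# into IPFilter block rules, using only sh, awk and sort.

# Constructed sample log; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
Dec 11 09:21:50 xxx sshd[15335]: Failed password for root from 192.0.2.10 port 4022 ssh2
Dec 11 09:21:53 xxx sshd[2720]: Failed password for root from 192.0.2.10 port 4023 ssh2
Dec 11 09:22:28 xxx sshd[1762]: Illegal user enterprise from 192.0.2.10
Dec 11 09:22:31 xxx sshd[20415]: Illegal user release from 198.51.100.7
Dec 11 09:22:34 xxx sshd[2405]: Illegal user x from 203.0.113.5 from 198.51.100.7
Dec 11 09:22:37 xxx sshd[27329]: Illegal user release from 198.51.100.7
Dec 11 09:23:01 xxx sshd[811]: Accepted publickey for admin from 203.0.113.5 port 5022 ssh2
Dec 11 09:23:40 xxx sshd[912]: Failed password for admin from 203.0.113.5 port 5023 ssh2
EOF
}

# Usage: ssh_block_rules THRESHOLD "ALLOWED ADDRESSES" < authlog
# Prints one rule per source address with at least THRESHOLD failures.
ssh_block_rules() {
    awk -v limit="$1" -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /sshd\[[0-9]+\]: (Failed password for|Illegal user|Invalid user) / {
        # User names are chosen by the client and may contain " from ",
        # so take the address after the LAST "from" on the line.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        # Count only well-formed IPv4 addresses; never pass other text on.
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
    }
    END {
        for (ip in hits)
            if (hits[ip] >= limit + 0 && !(ip in skip))
                printf "block in quick from %s/32 to any\n", ip
    }' | sort
}

# Stand-alone run: threshold 3, never block the admin address 203.0.113.5.
sample_log | ssh_block_rules 3 "203.0.113.5"
```

The printed rules can be reviewed and then loaded with `ipf -f -`; expiring old entries is not handled here.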
[Tags: ipfilter, networking, Security, ssh]