The FreeBSD Diary


Providing practical examples since 1998

Article Feedback - RAID-5 drive failure
 Higher port is just great
Author: dobermann 
Date:   04-12-06 08:43

I have used higher ports for my sshds since I first had a "public server".
I was scanned and brute forced all the time...
Now the auth_log is just looking good :]

Higher port + auth key only = good security (the only matter is to remember which server has which port)

http://www.sens-interdit.fr/

 Re: Higher port is just great
Author: Dan 
Date:   04-12-06 12:25

dobermann wrote:

> I was scanned and brute forced all the time...

Does this mean the attacks were successful?

--
Webmaster

 Re: Higher port is just great
Author: dobermann 
Date:   04-12-06 12:31

Nope :)

I just watched my logs grow and grow with hacking attempts... but I've never been owned.

http://www.sens-interdit.fr/

 Re: Higher port is just great
Author: Johan 
Date:   10-12-06 11:05

Not really a fan of putting sshd on a higher port. I only use public key
auth, combined with the AllowUsers directive in sshd_config; that'll
keep most bad guys out. I carry my public key and PuTTY on my USB
stick so I can always connect. Random high ports have a nasty tendency
to be blocked when you're out and about.

I still get a lot of brute-force attempts (that will fail); however, I
mitigate that with pf:

table <bruteforce> persist                      # filled by the overload below
block in quick on $ext_if from <bruteforce>     # drop flagged hosts outright
pass in log on $ext_if proto tcp from any to $ssh_server port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/3, overload <bruteforce> flush global)

The bruteforce table is purged with the expiretable
(sysutils/expiretable) utility in cron.



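The host-side counterpart of Johan's pf rule, as an added example that is not from the thread: a small POSIX shell script that tallies failed sshd logins per source address in auth.log and prints the pfctl commands that would add the worst offenders to the same <bruteforce> table (the log lines and addresses are constructed for the example, not taken from a real server).

```shell
#!/bin/sh
# Added example, not from Johan's post: the host-side view of the same idea.
# Count "Failed password" lines per source address in sshd's auth.log and list
# the hosts at or above a threshold, formatted as pfctl commands that would put
# them into the <bruteforce> table Johan's overload rule fills (printed, not run).
# The log lines are constructed here in OpenSSH's format; the addresses come
# from the documentation ranges (RFC 5737) and are not real hosts.

sample_log() {
cat <<'EOF'
Dec 10 11:01:02 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Dec 10 11:01:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Dec 10 11:01:05 host sshd[1003]: Invalid user admin from 203.0.113.5
Dec 10 11:01:06 host sshd[1003]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
Dec 10 11:03:00 host sshd[1005]: Accepted publickey for johan from 198.51.100.7 port 50000 ssh2
Dec 10 11:04:00 host sshd[1006]: Failed password for johan from 198.51.100.7 port 50001 ssh2
EOF
}

# offenders THRESHOLD < auth.log  ->  "count ip" per line, worst first.
# Only "Failed password"/"Failed publickey" lines count: the "Invalid user"
# line that precedes a failed guess for a nonexistent account is not double
# counted, and "Accepted" logins are ignored.
offenders() {
    awk -v t="$1" '
        /sshd\[/ && /Failed (password|publickey)/ {
            # the source address is the word after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
    ' | sort -rn
}

# Turn "count ip" lines into the pfctl commands an operator (or cron job)
# would run to add each host to the table; expiretable later removes them.
to_pfctl() {
    while read -r count ip; do
        printf 'pfctl -t bruteforce -T add %s   # %s failures\n' "$ip" "$count"
    done
}

sample_log | offenders 3 | to_pfctl
```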
 Re: Higher port is just great
Author: Martin 
Date:   10-12-06 14:32

Well, that's correct about the availability of high ports from various (mainly corporate) networks.

Hm, one solution I am currently playing with is having OpenVPN listen on port 22. But it's just an idea...
