Re: "ssh" attacks
From: Alexander Hall (alexander beard.se)
Date: Thu Jun 01 2006 - 02:52:22 CDT
Tobias Ulmer wrote:
> This topic comes up in regular intervals of 6 months on every *nix
> mailing list I'm on.
> It's stupid (sorry, but it is):
> Gained "security" = 0%
>
> Leave it just as it is. You don't have anything to fear if
> you use decent passwords. Otherwise don't offer an ssh service!
I keep the following setup in my pf.conf for bandwidth/cpu, not
security, reasons:
---------
[...]
table <ssh-white> persist { 127.0.0.1, ... }
[...]
# Hosts in whitelist are always allowed to connect unlimited
# Non-whitelisted Linux hosts are blocked
# Allow other ssh connections with limited connection rate
pass in quick on $ext_if proto tcp from <ssh-white> to ($ext_if:0) \
port ssh keep state label "ssh-white"
block in quick on $ext_if proto tcp from any os Linux to ($ext_if:0) \
port ssh label "ssh-linux"
pass in quick on $ext_if proto tcp from any to ($ext_if) \
port ssh flags S/SA keep state (max-src-conn-rate 1/30) \
label "ssh-other"
[...]
---------
/Alexander
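The rate-limited rule above only drops new connections once a source exceeds 1 per 30 seconds; the same pf state option can also push the offending source into a table that is then blocked outright. The fragment below is an added example, not part of Alexander's post; the interface name in `ext_if` and the table name `ssh-bruteforce` are assumptions.

```pf
# Assumed external interface name; adjust to the real one.
ext_if = "em0"

# Hosts that may always connect, and hosts that tripped the rate limit.
table <ssh-white> persist { 127.0.0.1 }
table <ssh-bruteforce> persist

# Whitelisted hosts first, with no rate limit, so they never land in the
# overload table below.
pass in quick on $ext_if proto tcp from <ssh-white> to ($ext_if) \
    port ssh keep state label "ssh-white"

# Sources already in the overload table are refused before any pass rule.
block in quick on $ext_if proto tcp from <ssh-bruteforce> to ($ext_if) \
    port ssh label "ssh-bruteforce"

# Everyone else: more than 1 new connection per 30 s adds the source to
# <ssh-bruteforce>; "flush global" also tears down its existing states.
pass in quick on $ext_if proto tcp from any to ($ext_if) \
    port ssh flags S/SA keep state \
    (max-src-conn-rate 1/30, overload <ssh-bruteforce> flush global) \
    label "ssh-other"
```

Entries stay in the table until removed; a periodic `pfctl -t ssh-bruteforce -T expire 86400` drops those older than a day, and `pfctl -sl` shows per-label counters so the effect of each rule can be checked.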