Re: Options for dealing with sshd brute force attacks

To: John Klos <john%klos.com@localhost>
Subject: Re: Options for dealing with sshd brute force attacks
From: Michael Richardson <mcr%sandelman.ca@localhost>
Date: Sun, 29 Dec 2024 13:16:47 -0500

John Klos <john%klos.com@localhost> wrote:
    > We all know that public facing ssh servers will get tons of brute force
    > attacks. That's just a fact of life.

Yes.
Do you have Password Logins enabled?
(even if no accounts can actually login that way)
I find that not having it as a method turns away many script kiddies.

    > For many machines, running blocklistd helps tremendously. But what
    > happens when blocklistd won't help because npf can't be used?

I don't run NetBSD much anymore, but why can't npf be used?
On my mail server, I blackhole route any IP which hits my submission port
with an invalid password.

References:
- Options for dealing with sshd brute force attacks
  - From: John Klos

Prev by Date: Re: Options for dealing with sshd brute force attacks
Next by Date: Re: Options for dealing with sshd brute force attacks
Previous by Thread: Re: Options for dealing with sshd brute force attacks
Next by Thread: Re: Options for dealing with sshd brute force attacks
Indexes:

Home | Main Index | Thread Index | Old Index