tech-net archive


Re: Options for dealing with sshd brute force attacks



On Dec 28, 21:07, Mouse wrote:
}
} > We all know that public facing ssh servers will get tons of brute
} > force attacks.  That's just a fact of life.
} 
} > For many machines, running blocklistd helps tremendously.  But what
} > happens when blocklistd won't help because npf can't be used?
} 
} Until Internet governance is fixed, I see no fix.  My workaround is an

     Good luck with this.

} IP blacklist at my subnet's border.  Currently, with a one-week
} expiration time, it's cruising at about twenty thousand IPs.

     My workaround was to put my sshd on a different port.  Until
recently, I never saw a single hit.  Now I see a handful.

} Without knowing why you can't use npf, it's hard to more than guess
} whether that's a helpful suggestion for your use case.

     Keep in mind that blocklistd calls /libexec/blocklistd-helper
to do the real work.  The FreeBSD version of that script has been
modified to be able to use IPF or PF.  You can modify that script
to make it do anything you want.  On one site, I modified it to
install filters on the border routers.

}-- End of excerpt from Mouse
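
The helper replacement described in the message above, as an added example that is not part of the original post or the stock blocklistd-helper script: a backend that records blocked prefixes in a flat file, which a separate job could push to border routers. The argument order (command, rule name, protocol, address, mask, port, id), the `OK` printed on add, and the `BLOCKFILE` path are assumptions to check against the installed helper.

```sh
#!/bin/sh
# Added example: helper backend that keeps a flat list of blocked prefixes.
# Assumption: blocklistd invokes the helper as
#   <add|rem|flush> <rulename> <proto> <address> <mask> <port> <id>
# Hypothetical state file; a separate job would push it to the routers.
BLOCKFILE="${BLOCKFILE:-/var/db/blocklist-border.txt}"

# Accept only characters that can appear in an IPv4/IPv6 literal.
valid_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;
    esac
}

# Accept only a decimal prefix length of at most 128.
valid_mask() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 128 ]
}

helper() {
    cmd=$1 rule=$2 proto=$3 addr=$4 mask=$5 port=$6
    touch "$BLOCKFILE"
    case "$cmd" in
    add|rem)
        valid_addr "$addr" && valid_mask "$mask" || {
            echo "helper: bad address '$addr/$mask'" 1>&2; return 1; }
        entry="$rule $proto $addr/$mask $port"
        # Drop any existing copy of the entry; "add" then re-appends it.
        grep -vxF -e "$entry" "$BLOCKFILE" > "$BLOCKFILE.tmp" || :
        if [ "$cmd" = add ]; then
            echo "$entry" >> "$BLOCKFILE.tmp"
            echo OK   # assumption: blocklistd keeps this output as the id
        fi
        mv "$BLOCKFILE.tmp" "$BLOCKFILE" ;;
    flush)
        # Remove every entry recorded under this rule name.
        awk -v r="$rule" '$1 != r' "$BLOCKFILE" > "$BLOCKFILE.tmp"
        mv "$BLOCKFILE.tmp" "$BLOCKFILE" ;;
    *)
        echo "helper: unknown command '$cmd'" 1>&2; return 1 ;;
    esac
}

# Run as the helper only when arguments are supplied.
[ $# -eq 0 ] || helper "$@"
```

Rejecting anything but address characters and a numeric mask before the values reach a file or a router command keeps a malformed argument from being interpreted downstream.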

