Disable ssh access for password-guessing bots
Authored by: corienti on Oct 10, '08 09:56:33AM

I agree with both of you - changing the port WILL stop the constant bot scans - they only check port 22.
However it won't stop a targeted attack.
I prefer to run SSH on a nonstandard port to stop the bot scans, AND disable password login to help defend against targeted attack.

I ALSO don't believe in scanning the logfile for failed logins; I simply have the firewall start dropping ALL packets from an IP that hits my SSH port more frequently than a certain rate, say 10 times in 8 seconds.

Nobody, including even me, has any business hitting my SSH port at a high rate. So if anyone does, simply drop all packets (not just SSH!) from them for the next hour or so. Or day, if you like.

I'm not sure how to do this with ipfw because I don't use it, as all my Macs sit behind a NATing firewall that I set up personally; but it's easy enough to do with iptables (Linux) or pf (OpenBSD), and I have iptables doing it at home and pf doing it at work. I'm sure it's easy enough to do with ipfw.

(Actually, I tell a small lie; it's slightly tricky with pf, but still no major hassle.)

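As an added example (not code from either commenter on this page), the following POSIX shell script prints the firewall rules that implement the policy described above: the 10th new connection to the SSH port within 8 seconds gets the source address put on a ban list, and every packet from a banned address, whatever the protocol, is dropped for an hour. It emits an iptables rule set (Linux, using the `recent` and `conntrack` matches) and the equivalent pf.conf fragment (OpenBSD, using `max-src-conn-rate` with an `overload` table), including the cron-driven `pfctl -T expire` step that makes the pf version the "slightly tricky" one. The port 2222, the chain and table names, and the `SSH_PORT`/`HITS`/`WINDOW`/`BAN` knobs are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not from the forum post): generate firewall rules for the
# policy "more than HITS new SSH connections in WINDOW seconds => drop ALL
# packets from that source for BAN seconds".
# Assumptions: Linux iptables with the xt_recent and conntrack matches, or
# OpenBSD pf with pfctl; the knobs below are hypothetical defaults.

SSH_PORT="${SSH_PORT:-2222}"   # nonstandard port, as the thread recommends
HITS="${HITS:-10}"             # this many new connections ...
WINDOW="${WINDOW:-8}"          # ... inside this many seconds triggers a ban
BAN="${BAN:-3600}"             # ban length in seconds (one hour)

# Print the iptables commands in order. $1 is the iptables binary to name
# (default "iptables"). Nothing is applied here, so the output can be reviewed.
iptables_rules() {
  ipt="${1:-iptables}"
  cat <<EOF
$ipt -N SSH_RATELIMIT
$ipt -N SSH_BAN
# 1. Any packet, any protocol, from an address banned within the last $BAN s
#    is dropped. --rcheck does not refresh the timestamp, so the ban expires
#    by itself after $BAN s.
$ipt -A INPUT -m recent --name ssh_ban --rcheck --seconds $BAN -j DROP
# 2. New connections to the SSH port are counted per source in SSH_RATELIMIT.
$ipt -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_RATELIMIT
$ipt -A SSH_RATELIMIT -m recent --name ssh_hits --set
$ipt -A SSH_RATELIMIT -m recent --name ssh_hits --update --seconds $WINDOW --hitcount $HITS -j SSH_BAN
# 3. Over the limit: record the source in the ban list and drop this packet too.
$ipt -A SSH_BAN -m recent --name ssh_ban --set -j DROP
EOF
}

# Print the equivalent pf.conf fragment. pf has no per-entry expiry, which is
# the awkward part: a cron job must run the pfctl line at the end regularly.
pf_rules() {
  cat <<EOF
# Persistent table of banned sources, consulted first for all inbound traffic.
table <ssh_ban> persist
block in quick from <ssh_ban>
# The ${HITS}th new connection in $WINDOW s overloads the source into the table;
# "flush global" also kills that source's existing states, so all its traffic stops.
pass in quick proto tcp to any port $SSH_PORT flags S/SA keep state \\
    (max-src-conn-rate $HITS/$WINDOW, overload <ssh_ban> flush global)
# Run from cron every few minutes to lift bans older than $BAN s:
#   pfctl -t ssh_ban -T expire $BAN
EOF
}

# Usage: ./ssh-ratelimit.sh iptables | pf | apply
# With no argument the script only defines the functions (safe to source).
case "${1:-}" in
  iptables) iptables_rules ;;
  pf)       pf_rules ;;
  apply)    iptables_rules | sh ;;   # run as root on the Linux host
  *)        : ;;
esac
```

The order of the iptables rules is the point: the ban check sits at the top of INPUT with no port or protocol match, which is what turns "too many SSH hits" into "drop everything from that address", and the `--set` before the `--update --hitcount` rule is what makes the counter include the current packet.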
Disable ssh access for password-guessing bots
Authored by: isancho on Oct 10, '08 10:11:24AM

I don't think that IPFW lets you overload tables dynamically like PF. I'm willing (and hoping) to be proven wrong on this, though.
