 From:  A dot L dot M dot Buxey at lboro dot ac dot uk
 To:  Thomas Sprinzing <thomas at sprinzing dot org>
 Cc:  Lee Sharp <leesharp at hal dash pc dot org>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] SSH NAT/PAT woes
 Date:  Mon, 8 Dec 2008 15:08:03 +0000

> seems the bad guys do actually know how to get around that one, too:
> http://www.theregister.co.uk/2008/12/08/brute_force_ssh_attack/
> darn, how i hate this rat-race.
> it sucks big time.

SSH on port 22 ('hiding it' on other ports doesn't work)

Stop any text entry authentication - use only certificates
(strong ones too!)

Use a rate-limiter so that access from random boxes
out on the net (and you WILL be using random boxes
or else you wouldn't have port 22 listening to the whole
world in the first place!) - stops massive connections
per second/minute

port-knocking method is fairly okay for opening the
initial listener....but is a right pain if you've found
yourself stuck with a dumb device or on a captive
network that just won't allow those ports  :-|

LOG your SSH daemon and report all failed non-valid
auth attempts / brute forces to abuse@range concerned.
only through the coordinated reports of many active
people can we get the numbers of compromised systems
down...there ARE tools to help with such reporting.

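Two of the points above (key-only authentication, and logging plus reporting failed attempts) can be checked and automated from a shell. The script below is an added example and is not from the original thread or from m0n0wall; it assumes OpenSSH's sshd_config keywords (PasswordAuthentication, ChallengeResponseAuthentication, PubkeyAuthentication, first occurrence wins, all three default to "yes") and the standard syslog format of sshd "Failed password" / "Invalid user" lines. The sshd_config fragments, the log lines, the threshold of three failures and the report layout are all constructed for the example.

```shell
#!/bin/sh
# Constructed sshd_config fragment with the weak, password-based settings.
WEAK_SSHD_CONFIG='Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes'

# Constructed hardened fragment: keys only, no interactive password or keyboard prompts.
HARDENED_SSHD_CONFIG='Port 22
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin no'

# Constructed syslog lines as sshd would write them (not real captures; RFC 5737 test addresses).
SAMPLE_LOG='Dec  8 14:01:02 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Dec  8 14:01:04 gw sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
Dec  8 14:01:05 gw sshd[1205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Dec  8 14:01:09 gw sshd[1210]: Failed password for invalid user test from 198.51.100.23 port 40012 ssh2
Dec  8 14:02:11 gw sshd[1222]: Accepted publickey for alan from 192.0.2.10 port 50300 ssh2
Dec  8 14:02:30 gw sshd[1230]: Invalid user guest from 203.0.113.7
Dec  8 14:03:00 gw sshd[1240]: Failed password for invalid user admin from 198.51.100.23 port 40020 ssh2'

# Read an sshd_config on stdin and verify it only allows key authentication.
# Prints one FAIL line per wrong directive; returns 1 if anything is wrong.
check_key_only() {
    cfg=$(cat)
    rc=0
    for want in "PasswordAuthentication no" "ChallengeResponseAuthentication no" "PubkeyAuthentication yes"; do
        key=${want% *}
        expect=${want#* }
        # sshd honours the first occurrence of a keyword (case-insensitive);
        # all three of these keywords default to "yes" when absent.
        got=$(printf '%s\n' "$cfg" | awk -v k="$key" 'tolower($1) == tolower(k) { print tolower($2); exit }')
        [ -n "$got" ] || got=yes
        if [ "$got" != "$expect" ]; then
            echo "FAIL: $key is '$got', want '$expect'"
            rc=1
        fi
    done
    return $rc
}

# Read sshd log lines on stdin; print "count ip" for every source that produced
# a failed or invalid-user authentication, busiest source first.
failed_by_source() {
    awk '
        /sshd\[[0-9]+\]: (Failed password|Invalid user) / {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip != "") count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -rn
}

# Read sshd log lines on stdin; print the source addresses with at least
# $1 failures (default 3), i.e. the candidates for an abuse report.
brute_force_sources() {
    threshold=${1:-3}
    failed_by_source | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Read sshd log lines on stdin and emit a plain-text abuse report for source $1,
# consisting of a subject line followed by the raw evidence lines for that address.
abuse_report() {
    printf 'Subject: SSH brute-force attempts from %s\n\n' "$1"
    grep -F "from $1" | sed 's/^/    /'
}

# Demonstration on the constructed inputs.
printf '%s\n' "$WEAK_SSHD_CONFIG" | check_key_only || echo "weak config rejected"
printf '%s\n' "$HARDENED_SSHD_CONFIG" | check_key_only && echo "hardened config accepted"
printf '%s\n' "$SAMPLE_LOG" | failed_by_source
for src in $(printf '%s\n' "$SAMPLE_LOG" | brute_force_sources 3); do
    printf '%s\n' "$SAMPLE_LOG" | abuse_report "$src"
done
```

On a real gateway you would feed `check_key_only` the live `/etc/ssh/sshd_config` and the log functions the output of `grep sshd /var/log/auth.log` (or the equivalent path on the box); the successful "Accepted publickey" line is deliberately ignored so that only authentication failures count towards the threshold.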