SSH defence



  • Hi
    Yesterday I found this in my log (3 hours of spam)

    
    ...
    Nov 23 21:23:35 sshd[73470]: Failed password for invalid user tokyo from 218.108.93.133 port 54308 ssh2
    Nov 23 21:23:35 sshd[73470]: Invalid user tokyo from 218.108.93.133
    Nov 23 21:23:31 sshd[73370]: Failed password for invalid user tokyo from 218.108.93.133 port 54192 ssh2
    Nov 23 21:23:31 sshd[73370]: Invalid user tokyo from 218.108.93.133
    Nov 23 21:23:27 sshd[73273]: Failed password for invalid user tokyo from 218.108.93.133 port 54084 ssh2
    ...
    
    

    Is there an SSH defense that blocks the sender IP after 3-5 errors?



  • Simplest approach is to move SSH to a non-standard port.



  • This was discussed at length not long ago in this thread.
    http://forum.pfsense.org/index.php/topic,6462.0.html

    SSH is encrypted, pfSense can't tell the difference between failed and successful logins. You need host controls for this. See the linked thread for some good recommendations.



  • Thanks for the reply



  • I restrict the access time with a schedule for the rule. Plus for the rule advanced options I limit the maximum new connections per x seconds. Granted this will only work if SSH isn't used by many people at once.



  • @rsw686:

    I restrict the access time with a schedule for the rule. Plus for the rule advanced options I limit the maximum new connections per x seconds. Granted this will only work if SSH isn't used by many people at once.

    Excellent. This is a good way too.
    Thanks.



  • It runs great for a long time!




  • I've used denyhosts before (although not on pfSense)

    http://denyhosts.sourceforge.net/

    It's a python script daemon, so I'm not exactly sure what'd be the best bet:

    rewrite in php?
    rewrite in C?
    make a python package for pfSense?

    Not that I'm volunteering for any of these options!

    Cheers,
    Littlejohn



  • DenyHosts is available through pkg_add

    Just note that the package may not install all dependencies - just read the message after the install.

    I'm using it with pfSense and it works fine.
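
The per-IP failure counting that a host-side log watcher performs on lines like those quoted in the first post, as an added example that is not part of the original thread and is not DenyHosts' own code. The function names, the threshold of 3, the IPv4-only pattern, the TCP wrappers output format and the sample addresses (constructed, from documentation ranges) are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the sshd log format quoted in the thread.
SAMPLE_LOG = """\
Nov 23 21:23:27 sshd[73273]: Failed password for invalid user tokyo from 192.0.2.10 port 54084 ssh2
Nov 23 21:23:31 sshd[73370]: Invalid user tokyo from 192.0.2.10
Nov 23 21:23:31 sshd[73370]: Failed password for invalid user tokyo from 192.0.2.10 port 54192 ssh2
Nov 23 21:23:35 sshd[73470]: Invalid user tokyo from 192.0.2.10
Nov 23 21:23:35 sshd[73470]: Failed password for invalid user tokyo from 192.0.2.10 port 54308 ssh2
Nov 23 21:24:02 sshd[73501]: Failed password for root from 198.51.100.7 port 40112 ssh2
Nov 23 21:24:09 sshd[73502]: Failed password for root from 198.51.100.7 port 40118 ssh2
Nov 23 21:24:15 sshd[73510]: Failed password for invalid user x from 198.51.100.7 port 22 ssh2 from 203.0.113.5 port 4000 ssh2
Nov 23 21:25:00 sshd[73520]: Accepted password for admin from 192.0.2.200 port 50000 ssh2
"""

# Only "Failed password" lines are counted; the paired "Invalid user" line
# describes the same attempt and would double the count.
# The pattern is anchored at end of line and greedy on the user field, so the
# address taken is always the one sshd appended, even when the attempted user
# name itself contains " from <ip> port <n> ssh2".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def offenders(lines, threshold=3, allow=frozenset()):
    """Return {ip: failures} for addresses with at least `threshold` failures.

    `allow` holds addresses that must never be blocked (e.g. the admin's own).
    """
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m and m.group("ip") not in allow:
            counts[m.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def hosts_deny(found):
    """Format offenders as TCP wrappers (hosts.deny) entries, one per address."""
    return [f"sshd: {ip}" for ip in sorted(found)]

if __name__ == "__main__":
    for entry in hosts_deny(offenders(SAMPLE_LOG.splitlines())):
        print(entry)
```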

