Options for dealing with sshd brute force attacks

To: tech-net%netbsd.org@localhost
Subject: Options for dealing with sshd brute force attacks
From: John Klos <john%klos.com@localhost>
Date: Sat, 28 Dec 2024 20:23:11 +0000 (UTC)

Hi,

We all know that public facing ssh servers will get tons of brute forceattacks. That's just a fact of life.

For many machines, running blocklistd helps tremendously. But what happenswhen blocklistd won't help because npf can't be used?

OpenSSH doesn't use tcpwrappers any longer, but I suppose I could launchit from inetd as one option.

One machine has had more than 300,000 attempted logins in the last twentyhours. Password based authentication is off, so I'm not worried aboutanyone getting in, but it's making logging in difficult due to MaxStartupsand it's noticeably raising the load of the machine.


What would people recommend here?

Thanks,
John

Follow-Ups:
- Re: Options for dealing with sshd brute force attacks
  - From: Jan Schaumann
- Re: Options for dealing with sshd brute force attacks
  - From: Greg A. Woods
- Re: Options for dealing with sshd brute force attacks
  - From: Michael Richardson
- Re: Options for dealing with sshd brute force attacks
  - From: Taylor R Campbell
- Re: Options for dealing with sshd brute force attacks
  - From: Jarle Greipsland
- Re: Options for dealing with sshd brute force attacks
  - From: Mouse
- Re: Options for dealing with sshd brute force attacks
  - From: Michael van Elst
- Re: Options for dealing with sshd brute force attacks
  - From: Rhialto

Prev by Date: Re: NetBSD packet filter
Next by Date: Re: Diagnosing dhcpcd crashes [was Re: Looking to address two networking issues with NetBSD 10]
Previous by Thread: squid, DNS and no buffer space
Next by Thread: Re: Options for dealing with sshd brute force attacks
Indexes:

Home | Main Index | Thread Index | Old Index