Re: Options for dealing with sshd brute force attacks

To: tech-net%netbsd.org@localhost
Subject: Re: Options for dealing with sshd brute force attacks
From: Jan Schaumann <jschauma%netmeister.org@localhost>
Date: Tue, 31 Dec 2024 11:25:34 -0500

John Klos <john%klos.com@localhost> wrote:

> One machine has had more than 300,000 attempted logins in the last twenty
> hours. Password based authentication is off, so I'm not worried about anyone
> getting in, but it's making logging in difficult due to MaxStartups and it's
> noticeably raising the load of the machine.
> 
> What would people recommend here?

Something that cuts down on a fair bit of annoying
traffic is just moving sshd to a different port.
That's not security through obscurity, but a trivial
way to avoid a lot of noise.

After that, security/fail2ban can work to dynamically
manage blocks down to a reasonable load.

-Jan

References:
- Options for dealing with sshd brute force attacks
  - From: John Klos

Prev by Date: Re: Options for dealing with sshd brute force attacks
Next by Date: npfctl unresponsive
Previous by Thread: Re: Options for dealing with sshd brute force attacks
Next by Thread: npfctl unresponsive
Indexes:

Home | Main Index | Thread Index | Old Index