[geeks] ssh attacks

[Mike Hebel]

> I've been tracking this thing for weeks.  It's an automated probe tool
> using known accounts.  I have some leads on the motive, but nothing
> concrete enough that I'm going to mention here.
>
> I *really* recommend that you move ssh to another port.  You'll take
> yourself off the radar for 99% of the tools out there, unless they
> REALLY  want YOUR box.


I'm an idiot here but I can't think of how to do this using IPF on the
firewall box remotely.  If I try and it fuck it up I'm locked out.

Would this work:


block in quick on le0 proto tcp from $outside_IP to $firewall_IP port = 22


Mike
----
"I think we used too much!" - Chris Knight