
RE: pf port knocking



Change your ssh port to like 30222 or something...
> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]]On Behalf Of
> A
> Sent: December 17, 2004 12:12 AM
> To: [email protected]
> Subject: pf port knocking
> 
> 
> Hey all
> 
> I am getting tired of seeing the following popping up every day (with
> various IPs) on my log server.
> 
> * ROOT FAILURES 
> jasper ssh2(pw) @221.143.156.58(3) 
> * User Failures 
> admin ssh2(pw) jasper(2) 
> andrew ssh2(pw) jasper(1) 
> angel ssh2(pw) jasper(1) 
> barbara ssh2(pw) jasper(1) 
> ben ssh2(pw) jasper(1) 
> betty ssh2(pw) jasper(1) 
> billy ssh2(pw) jasper(1) 
> black ssh2(pw) jasper(1) 
> blue ssh2(pw) jasper(1) 
> brandon ssh2(pw) jasper(1) 
> brian ssh2(pw) jasper(1) 
> buddy ssh2(pw) jasper(1) 
> carmen ssh2(pw) jasper(1) 
> charlie ssh2(pw) jasper(1) 
> daniel ssh2(pw) jasper(1) 
> david ssh2(pw) jasper(1) 
> dog ssh2(pw) jasper(1) 
> emily ssh2(pw) jasper(1) 
> eric ssh2(pw) jasper(1) 
> god ssh2(pw) jasper(1) 
> green ssh2(pw) jasper(1) 
> guest ssh2(pw) jasper(1) 
> henry ssh2(pw) jasper(1) 
> jane ssh2(pw) jasper(1) 
> jason ssh2(pw) jasper(1) 
> jeremy ssh2(pw) jasper(1) 
> joe ssh2(pw) jasper(1) 
> johnny ssh2(pw) jasper(1) 
> jordan ssh2(pw) jasper(1) 
> justin ssh2(pw) jasper(1) 
> larisa ssh2(pw) jasper(1) 
> lion ssh2(pw) jasper(1) 
> lp ssh2(pw) jasper(1) 
> lucy ssh2(pw) jasper(1) 
> magic ssh2(pw) jasper(1) 
> mail ssh2(pw) jasper(1) 
> maria ssh2(pw) jasper(1) 
> market ssh2(pw) jasper(1) 
> matthew ssh2(pw) jasper(1) 
> max ssh2(pw) jasper(1) 
> michael ssh2(pw) jasper(1) 
> nathan ssh2(pw) jasper(1) 
> nicholas ssh2(pw) jasper(1) 
> nicole ssh2(pw) jasper(1) 
> operator ssh2(pw) jasper(1) 
> pub ssh2(pw) jasper(1) 
> red ssh2(pw) jasper(1) 
> robin ssh2(pw) jasper(1) 
> rose ssh2(pw) jasper(1) 
> shell ssh2(pw) jasper(1) 
> stephen ssh2(pw) jasper(1) 
> steven ssh2(pw) jasper(1) 
> system ssh2(pw) jasper(1) 
> test ssh2(pw) jasper(2) 
> tom ssh2(pw) jasper(1) 
> user ssh2(pw) jasper(1) 
> vampire ssh2(pw) jasper(1) 
> william ssh2(pw) jasper(1) 
> yellow ssh2(pw) jasper(1) 
> 
> Just script kiddies, most probably. Plus, we use public/private keys on
> "jasper" so it's not like people are going to get in that way. However,
> having the port wide open does give the possibility that a bug in the
> SSH daemon (if one pops up) could open the door for a hacker to get in.
> 
> 
> Further, "jasper" is the only machine that is externally accessible via
> SSH (the only other open ports are domain, web and mail on other
> servers). I need to leave SSH open as a number of people work remotely
> and tunnel through it to some of the services on the internal network.
> 
> Additionally, we are about to set up a system to run a VPN between our
> office and some contractors. I would like that box's IP to appear
> offline/completely closed (until required) as well.
> 
> To sum up, apart from web, mail and domain (to specific servers), I
> would much prefer that every port appear closed. To achieve this, I
> would like to implement port knocking on the gateway firewall (runs
> OBSD 3.4 and pf). For those unfamiliar with the technique, it is like
> knocking a certain pattern/code on a door to open it. Here, you fire
> connections at a server on designated ports to instruct the firewall to
> open a port. So, if the firewall detects a connection on ports 14289,
> 32883, 1234 and 3428 (in that order), port 22 is opened for the
> relevant IP address.
> 
> Has anyone heard of anyone working on a port knocking daemon for
> OBSD/pf? There are a couple of basic setups over at
> www.portknocking.org but thought I would check here before attempting a
> port.
> 
> If no work has begun, I think I will take the Perl prototype script
> they have at portknocking.org and see what I can do for pf. I would
> imagine I will have to set up anchors in pf, which I haven't done yet but
> am sure I will get my head around it. Any pointers would be
> appreciated! :)
> 
> I will also need to write a Windows util to do the knocking for the
> contractors - can Perl run on a Windows machine or will I have to dust
> off my C compiler? :)
> 
> Andrew
> 
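As an added example (my own code, not from this thread and not the portknocking.org prototype), here is the knock-sequence logic the post describes: a watcher reads pflog output for SYNs to 14289, 32883, 1234 and 3428 in that order from one source, and when the sequence completes it adds that source to a pf table that a pass rule for port 22 references. It uses a pf table rather than the anchors mentioned above; the tcpdump-on-pflog0 line shape, the table name `knocked`, the 10-second window and all addresses are constructed assumptions.

```python
import re
import subprocess
KNOCK_SEQUENCE = (14289, 32883, 1234, 3428)  # knock order from the post; then port 22 opens for that IP
KNOCK_WINDOW = 10.0   # seconds allowed to finish the whole sequence (assumption)
PF_TABLE = "knocked"  # hypothetical pf table referenced by a "pass in ... from <knocked> to $jasper port 22" rule

# Constructed line shape, modelled on "tcpdump -n -e -tt -i pflog0" output for "block in log" rules:
# "<epoch> rule N/(match) block in on fxp0: <src>.<sport> > <dst>.<dport>: S ..."
LINE_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) .* block in on \S+: "
                     r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.(?P<dport>\d+): S\b")
class KnockTracker:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence, self.window = sequence, window
        self.state = {}  # src -> (index of next expected knock, time of first knock)

    def feed(self, line):
        """Return the source IP when this line completes its knock sequence, else None."""
        m = LINE_RE.match(line)
        if not m or int(m["dport"]) not in self.sequence:
            return None                              # unparsable, or a SYN to some other port
        ts, src, dport = float(m["ts"]), m["src"], int(m["dport"])
        idx, started = self.state.get(src, (0, 0.0))
        if idx and ts - started > self.window:
            idx = 0                                  # too slow: the partial sequence expires
        if dport == self.sequence[idx]:
            idx, started = idx + 1, (started if idx else ts)
        else:                                        # out of order: reset, or restart on the first knock
            idx, started = (1, ts) if dport == self.sequence[0] else (0, 0.0)
        if idx < len(self.sequence):
            self.state[src] = (idx, started)
            return None
        self.state.pop(src, None)
        return src

def pfctl_add(src, dry_run=True):
    """Admit src to the pf table; with dry_run only the command that would run is returned."""
    cmd = ["pfctl", "-t", PF_TABLE, "-T", "add", src]
    if not dry_run:
        subprocess.run(cmd, check=True)
    return cmd

def knocked_sources(lines, tracker=None):
    tracker = tracker or KnockTracker()
    return [src for src in map(tracker.feed, lines) if src]

# Constructed pflog sample: 203.0.113.7 knocks in order, 198.51.100.9 gets the second knock wrong.
SAMPLE_LOG = [f"{ts} rule 2/(match) block in on fxp0: {src}.40001 > 192.0.2.10.{p}: S 1:1(0) win 5840"
              for ts, src, p in [(1103263920.1, "203.0.113.7", 14289), (1103263921.2, "198.51.100.9", 14289),
                                 (1103263921.5, "203.0.113.7", 32883), (1103263922.0, "198.51.100.9", 1234),
                                 (1103263922.3, "203.0.113.7", 1234), (1103263923.1, "203.0.113.7", 3428)]]
```

The knocks are only visible if the knock ports are covered by a `block in log` rule, and the door is a rule along the lines of `pass in on $ext_if proto tcp from <knocked> to $jasper port 22 keep state` (pf table syntax assumed). Entries should be expired again, e.g. `pfctl -t knocked -T delete <ip>` after a timeout, so an admitted address does not stay open indefinitely.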