From: <li...@la...> - 2017-01-22 22:55:01
Ha, I am the only legitimate client. ;-) Besides, if I don't support the standard, nothing will get through.

I caught some OVH VPS hammering my email server with an outmoded crypto, which was related to POODLE and/or Heartbleed.
http://disablessl3.com/

SHA1 is out of favor these days. Commercially they won't issue certs with SHA1.
http://arstechnica.com/security/2016/05/microsoft-to-retire-support-for-sha1-certificates-in-the-next-4-months/

One of those Chinese certs was "illegally" (as if certs have any legal standing) issuing SHA1 certs. WoSign I think.

My philosophy is if someone is doing goofy stuff, block them. Today you can repel them, but tomorrow there may be a zero day. In any event, these clowns can flood a service.

I've been reluctant to use the ipfw table 22 the sshguard generates for anything other than port 22, but I think I will add Web and email rules. Just not port 25 because that would probably block some legitimate email.

I have a number of blocks on email other than port 25, and some days block 30 or so IP addresses trying to hack the ports. I traced one supposed hacker to a (cough cough) research team claiming to be doing a survey on email ports. They provided CIDRs, so I guess they were really doing research. On the other hand, the University of Michigan attempts to mess with my imap on a daily basis, and attempts to contact them via email go nowhere. Obviously they get firewall blocked now except on 25.

Original Message
From: Daniel Aleksandersen
Sent: Sunday, January 22, 2017 1:55 PM
To: ssh...@li...
Subject: Re: [SSHGuard-users] Auth error ignored by sshguard

On Sun, Jan 22, 2017, at 11:53, li...@la... wrote:
> From FreeBSD auth.log:
> ----------------------------------
> Jan 22 04:16:13 theranch sshd[48754]: fatal: Unable to negotiate with
> 198.50.142.115 port 57860: no matching key exchange method found. Their
> offer: diffie-hellman-group1-sha1 [pre auth]
> ---------------------
> I suppose this is an odd case for an ssh login attempt, but I figured
> I'd post it for what it is worth. Sshguard didn't block the IP. Now I
> suppose you can say if the key exchange method isn't supported, they
> will never get it, but it seems to me that could leave the system open
> to some exploit.

Hm. Wouldn’t that potentially block some legitimate clients that are trying to negotiate a connection?

> I'm still on rev 1.7.
>
> IP is OVH. Oh, I'm shocked. ;-)

--
Daniel Aleksandersen
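
The auth.log line quoted in this thread can be matched and counted per source address, with a threshold so that a single failed negotiation from an old client is not treated as abuse. This is an added example, not part of the original messages and not sshguard's own parser; the function names, the threshold of 3 and the sample log (built around the quoted line, with documentation-range addresses for the rest) are assumptions.

```python
import re
from collections import Counter

# OpenSSH pre-auth negotiation failure, in the format quoted in the thread.
# "kind" is what could not be agreed on (key exchange method, cipher, ...).
NEGOTIATE_RE = re.compile(
    r"sshd\[\d+\]: fatal: Unable to negotiate with (?P<ip>\S+) port \d+: "
    r"no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>\S+)"
)

# Constructed sample: line 1 is the one from the thread, the rest are made up
# and use documentation addresses (203.0.113.0/24, 192.0.2.0/24).
SAMPLE_LOG = """\
Jan 22 04:16:13 theranch sshd[48754]: fatal: Unable to negotiate with 198.50.142.115 port 57860: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [pre auth]
Jan 22 04:20:01 theranch sshd[48760]: fatal: Unable to negotiate with 203.0.113.7 port 40112: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [pre auth]
Jan 22 04:20:03 theranch sshd[48762]: fatal: Unable to negotiate with 203.0.113.7 port 40114: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [pre auth]
Jan 22 04:20:05 theranch sshd[48764]: fatal: Unable to negotiate with 203.0.113.7 port 40120: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [pre auth]
Jan 22 04:31:40 theranch sshd[48770]: fatal: Unable to negotiate with 192.0.2.10 port 51234: no matching cipher found. Their offer: aes128-cbc,3des-cbc [pre auth]
Jan 22 04:32:00 theranch sshd[48771]: Accepted publickey for admin from 192.0.2.10 port 51240 ssh2
"""


def parse_failures(lines):
    """Yield (ip, kind, offered_algorithms) for each negotiation failure."""
    for line in lines:
        m = NEGOTIATE_RE.search(line)
        if m:
            yield m["ip"], m["kind"], m["offer"].split(",")


def offenders(lines, threshold=3):
    """Return {ip: count} for sources with at least `threshold` failures.

    One failure may be a legitimate client with outdated algorithms, so
    only repeated failures from the same address are reported.
    """
    counts = Counter(ip for ip, _, _ in parse_failures(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} failed negotiations")
```
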