How can I slow down the attacks on my FreeBSD Server?

Captions
Recently I've been completely obsessed with hardening incoming SSH into my server, and I'm just not happy with the way that it's still allowing connections in. Let's take a look at that. [Music]

So I've got a very minimalistic PF configuration. It basically sets up fail2ban, it blocks everything coming in and then it unblocks stuff a bit further down, and it blocks stuff from sshguard, fail2ban, and then it's a list of IP addresses that I like to stick in every now and then. Don't know why I do it like that, I just do, but there we go. And then I allow in the ports that I... So what can I do?

Well, the one thing that occurred to me that I don't do is any kind of rate limiting. So it's just, apart from fail2ban and sshguard, which kind of does rate limiting: it scores connections, so the more often it fails to authenticate, the higher the score, and then it goes into a table. But what about actually doing proper rate connection? Should I do that? I think I probably should. Let's, um, let's see.

So in my... actually, let's have a quick look. So this is an allow, right? So what I'm going to do is I'm going to take out 522, which is my SSH port, and I'm going to set up a new rule. Let's see what actually happens here. Pass in on re0, which is the NIC, proto tcp to port 522, keep state; any overloads go to a table called Brute Force. Yeah, so max connections 15, max connection... right, so max source connections are 15, max source connection rate 3 over 1. All right, now I'm really hoping this doesn't kick me out.

Okay, so now let's try logging in, make sure it works. And it still works, that's great. So there you go, sshguard is working: attack from one two to blah blah blah blah, that's on postfix, and there you go, it's blocked it. Perfect. Two attacks in zero seconds, after three abuses over... yeah, cool. So that's doing what I want it to do, I think. So hopefully those limits will start to go up a bit.

Okay, so what else could I do? Well, I've been thinking about this a lot, and the other thing that I could actually do is just block all SSH connections apart from the IP address of my remote location. So my remote location is my home and my server is offsite, but for all intents and purposes that offsite location is the on-site location and I am offsite. So I could just go: my home IP address is the only SSH IP address. Could I do that? I probably could. Should I, though? Because if I'm out and about and I need to SSH, I'm a bit stuffed.

And that also reminds me, I'm just going to release my video, cuz I completely forgot to do it. Yep, part two, public, publish, boom. Should have done that earlier, should have done that at cor State. Never mind, there we go. Right, that's out. Life gets in the way, as I mentioned before.

So that's a real question: should I do that? By the way, that's something I'll have to think about, I think. Yeah. Okay, so I'm keeping the rate limit set, I'm going to keep that rule and, uh... hello? Uh-oh, am I locked out? I think I might be locked out, but either that or my server has gone down. Oh no, it's back. I don't know what happened there. Let's have a quick look at the logs and see what happened. So it's gone again. Is this because of rate limiting myself? Is that what I've done? "Software caused connection"... I wonder if that's what I've done. Then I might have to re-examine that bit and redefine it. I suspect that's what was doing it. I'd forgotten that was there. So I'm going to have to, uh... love it when stuff goes wrong. So I'm going to have to look at that a bit more in depth, aren't I? Yeah, it's not there anymore, is it? I... that's interesting. Yeah.

All right, okay, so I think what was happening there then was probably that I'd put myself into the Brute Force. Yeah, so if that's the case I need to think about that a bit more, don't I? Yeah. Well, that didn't work quite as I'd wanted. Ah, I also forgot to put that in as well. I mean, that may well have been the reason. So let's try that again then, but with that. Should we give that a go? We give it a go. I don't have a problem with that as long as I can still get to my web configuration, which I can, by the seems of things. Should be all right.

Right, so I want to show what's in that table, so let's do that. pfctl... scroll all the way down the bottom, it was near there. Right, what was it called? Right, so there's nothing in that. Still nothing in it, that's good. Yeah, I think actually it was: I forgot to define the table.

There is other stuff that I can do with this. Like, for instance, I could use GeoIP to actually list where all these attacks are coming from and then block countries. That would be quite an interesting way to go. I quite like the idea of that and I might explore that at another point. Yeah, I might do that, don't know yet. Let's see how this, um, this bit goes. Um, yeah, I like the look of that. There was something else I saw... was it on this one? There was something else there that looked really good. That's annoying. Don't you just hate it when you have something open and then you can't find it? We'll leave it there for now, I think, cuz I think that that seems to be working now. Yeah, it's working now, and it's because I didn't define that table.

Well, working with PF can sometimes be a bit of a hit-and-miss thing. When you get it, and when it's set up really well, it's just one of those things you can set up and forget about, and that's great. Love it when that happens. Any kind of set up and forget, I'm all for, I'm a fan of. When you see something that looked really good and then you forget about where it was, that's really annoying. I wonder if it's... right, let's have one last look. I think it might have been one of these, let's have a look. 24 hours later... that's annoying. Never mind. Um, I've got rate limiting, so we'll see how that goes, because I'm getting fed up of seeing people attacking.

Leave it there for today. Drop a comment, and, uh, any of you PF experts, and I'm sure there are plenty of you out there, just drop a comment and let me know what you think. Um, there was something that was really elegant and I... right, leave it there, definitely leave it there. Yeah, drop a comment, don't forget to subscribe and like the video if you find it useful. Rate limiting can be a great thing if you set it up right, which I think I have now got. We'll see. Don't forget to subscribe. Discord server's in the links in the description, and I'll see you in the next video. Bye-bye.
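
The rate-limiting rule dictated in the captions, written out as a `pf.conf` fragment together with the table definition the speaker says he forgot at first. This is an added example, not the channel's actual configuration: the table names `bruteforce` and `trusted`, the `flush global` option and the allowlist address 192.0.2.10 (a documentation placeholder) are assumptions.

```conf
# pf.conf fragment (added example; table names and the trusted address
# are assumptions, the interface, port and limits come from the captions)
ext_if   = "re0"
ssh_port = "522"

# Declare the tables explicitly. "persist" keeps a table in the kernel
# even while it is empty or no rule refers to it.
table <trusted>    persist { 192.0.2.10 }   # placeholder admin address
table <bruteforce> persist

# Default: drop everything inbound, then open what is needed below.
block in all

# The admin's own address bypasses the limits, so a burst of sessions
# from it can never push it into <bruteforce>.
pass in quick on $ext_if proto tcp from <trusted> to port $ssh_port keep state

# Anything already caught is dropped before the pass rule is evaluated.
block in quick on $ext_if from <bruteforce>

# At most 15 simultaneous connections per source, and at most 3 new
# connections per 1 second per source. A source that exceeds either
# limit is added to <bruteforce>; "flush global" also kills every
# state that source already holds.
pass in on $ext_if proto tcp to port $ssh_port keep state \
    (max-src-conn 15, max-src-conn-rate 3/1, \
     overload <bruteforce> flush global)

# Checks to run from a console session that does not depend on SSH:
#   pfctl -nf /etc/pf.conf                    parse only, do not load
#   pfctl -f  /etc/pf.conf                    load the ruleset
#   pfctl -t bruteforce -T show               list caught addresses
#   pfctl -t bruteforce -T delete 192.0.2.10  release one address
```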
Info
Channel: GaryH Tech
Views: 9,116
Keywords: #FreeBSD, 5 reasons to use freebsd, FOSS, FreeBSD, FreeBSD Handbook, FreeBSD Networking, FreeBSD PKG, FreeBSD ports tree, Freebsd 13.1 changes, Freebsd 13.1 review, Freebsd 13.1 what's new, Freebsd kde, Freebsd review, GaryH Tech, NFS Server, NIX, OSS, Rdp, Unix, current, debugging, freebsd, freebsd 11, freebsd desktop, freebsd install, freebsd que es, freebsd review, freebsd vs linux, how to freebsd, install freebsd, linux, linux vs freebsd, 2024, technology
Id: Jh_roKrqGiU
Length: 10min 13sec (613 seconds)
Published: Wed Apr 10 2024