[nycbug-talk] another thread: sshd zombie attacks

Andy Kosela akosela at andykosela.com
Wed May 20 02:21:17 EDT 2009


Matt Juszczak <matt at atopia.net> wrote:

> > Fix your firewall.  That issue has been discussed here before and I will
> > state once again that it is dangerous opening 22/tcp to the whole world.
>
> What if port 22 is open up to the world but it's only to certain "jump 
> boxes" and those jump boxes are really sensitive to attacks?

If you must have a box with sshd(8) widely open, then I would consider
running at least pf(4) on it.  It has some nice features to stop these
kinds of attacks.

--Andy
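
An added example, not part of the original post: one common pf.conf pattern for a host that must keep sshd(8) reachable, using pf's per-source connection limits with an overload table. That these are the features the post has in mind is an assumption, as are the interface name, table name and thresholds.

```conf
# Constructed example; em0, <ssh_abusers> and the limits are assumptions.
ext_if = "em0"

# pf adds a source address here when it exceeds the limits set below.
table <ssh_abusers> persist

# Do not filter loopback traffic.
set skip on lo0

# Default deny inbound; allow outbound and track state.
block in all
pass out all keep state

# Drop known offenders immediately, before the pass rule is considered.
block in quick on $ext_if from <ssh_abusers>

# Allow SSH, but cap each source at 10 simultaneous connections and
# 5 new connections per 60 seconds. A source that exceeds either limit
# is added to <ssh_abusers> and all of its existing states are flushed.
pass in on $ext_if proto tcp to ($ext_if) port 22 flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <ssh_abusers> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and list the blocked sources with `pfctl -t ssh_abusers -T show`.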


