On 10/24/2011 6:08 PM, William Myers wrote:
I'm seeing the same thing from the same IP addresses.
William Myers
Associate Professor, Computer Studies
100 Belmont-Mount Holly Road
Belmont Abbey College
Belmont, NC 28012-1802
(704) 461-6823
FAX: (704) 461-5051
my...@crusader.bac.edu
On Sat, 22
Admin ValhallaProjectet ad...@thorshammare.org writes:
Probably a bunch of bots. Not very intelligently used.
It's a recurring phenomenon, sometimes called the hail mary cloud (the
odds are overwhelmingly against such things ever succeeding, but they
keep trying anyway).
Really messed up my
-Original message-
From: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] On behalf of Peter N. M.
Hansteen
Sent: 26 October 2011 19:14
To: freebsd-questions@freebsd.org
Subject: Re: SV: Breakin attempt
Admin ValhallaProjectet ad...@thorshammare.org
-Original message-
From: William Myers [mailto:my...@crusader.bac.edu]
Sent: 25 October 2011 00:08
To: Admin ValhallaProjectet
Cc: freebsd-questions@freebsd.org
Subject: Re: Breakin attempt
I'm seeing the same thing from the same IP addresses.
William Myers
Associate Professor, Computer Studies
From: Bruce Cran br...@cran.org.uk
To: Polytropon free...@edvax.de
Cc: freebsd-questions@freebsd.org
Sent: Saturday, October 22, 2011 10:37 AM
Subject: Re: Breakin attempt
On 22 Oct 2011, at 15:12, Polytropon wrote:
On Sat, 22 Oct 2011 15:08:50 +0100, Bruce
-Original message-
From: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] On behalf of Bill Tillman
Sent: 23 October 2011 13:56
To: Bruce Cran; Polytropon
Cc: freebsd-questions@freebsd.org
Subject: Re: Breakin attempt
Hello all
FreeBSD odin.thorshammare.org 8.2-STABLE FreeBSD 8.2-STABLE #0: Sat Oct 22
10:14:48 CEST 2011 ha...@odin.thorshammare.org:/usr/obj/usr/src/sys/ODIN
i386
Firewall PF.
Blocking China and some other related countries in that region.
Disabled ssh root logins
Apparently, I'm
On Saturday, October 22, 2011 at 03:43:44PM +0200, Admin
ValhallaProjectet wrote:
Hello all
FreeBSD odin.thorshammare.org 8.2-STABLE FreeBSD 8.2-STABLE #0: Sat Oct 22
10:14:48 CEST 2011 ha...@odin.thorshammare.org:/usr/obj/usr/src/sys/ODIN
i386
Firewall PF.
On 22/10/2011 14:43, Admin ValhallaProjectet wrote:
Apparently, I'm under some kind of attack, for the last 3 days.
Lots of attempts to ssh in as root from many different IP addresses.
No bruteforce attempts.
Appreciate all ideas of how to proceed with this matter.
Keep calm and carry
On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
I suspect that these sorts of attacks are fairly normal if you're
running ssh on the standard port. I used to have lots of 'break-in
attempts' before I moved the ssh server to a different port.
Is there _any_ reason why moving from port
On 22 Oct 2011, at 15:12, Polytropon wrote:
On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
I suspect that these sorts of attacks are fairly normal if you're
running ssh on the standard port. I used to have lots of 'break-in
attempts' before I moved the ssh server to a different
-Original message-
From: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] On behalf of Matthias Apitz
Sent: 22 October 2011 15:59
To: Admin ValhallaProjectet
Cc: freebsd-questions@freebsd.org
Subject: Re: Breakin attempt
On Saturday, October 22
Polytropon wrote:
On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
I suspect that these sorts of attacks are fairly normal if you're
running ssh on the standard port. I used to have lots of 'break-in
attempts' before I moved the ssh server to a different port.
Is there _any_ reason
Thanks for your statement.
On Sat, 22 Oct 2011 10:54:49 -0400, Michael Powell wrote:
One such relatively minor argument might be the use by external entities for
the ability to connect in a standardized way. Such a client may need to
connect but has no way of knowing in advance what port to
-Original message-
From: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] On behalf of Polytropon
Sent: 22 October 2011 16:13
To: Bruce Cran
Cc: freebsd-questions@freebsd.org
Subject: Re: Breakin attempt
On Sat, 22 Oct 2011 15:08:50 +0100, Bruce
On Sat, 22 Oct 2011 17:10:44 +0200, Hasse Hansson wrote:
It doesn't bother me more than cluttering up my logfiles, but I got curious if
this attempt was originating from one person.
That's problematic... in many cases, attackers do hijack
home PCs or corporate networks to do their dirty work
Date: Sat, 22 Oct 2011 16:12:42 +0200
From: Polytropon free...@edvax.de
Subject: Re: Breakin attempt
On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
I suspect that these sorts of attacks are fairly normal if you're
running ssh on the standard port. I used to have lots of 'break
On 22/10/2011 15:37, Bruce Cran wrote:
If you run some sort of shell server, or where many people need to
login using ssh, you'll have a bit of a support problem telling people
to select the non-default port. Also, some might consider it security
through obscurity, which is often said to be a
On Sat, Oct 22, 2011 at 03:58:20PM +0100, Howard Jones wrote:
On 22/10/2011 15:37, Bruce Cran wrote:
If you run some sort of shell server, or where many people need to
login using ssh, you'll have a bit of a support problem telling people
to select the non-default port. Also, some might
On Sat, Oct 22, 2011 at 10:23:23AM -0500, Robert Bonomi wrote:
Arguments against doing so are generally based on the 'security by
obscurity' is not security concept.
That argument _is_ 'technically accurate'. grin
Moving sshd to a non-standard port does _not_ do anything to make the
On Sat, Oct 22, 2011 at 7:12 AM, Polytropon free...@edvax.de wrote:
Is there _any_ reason why moving from port 22 to something
different is _not_ a solution?
Reason why I'm asking: Moving SSH away from its default port
seems to be a relatively good solution as break-in attempts
concentrate
Polytropon free...@edvax.de writes:
On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
I suspect that these sorts of attacks are fairly normal if you're
running ssh on the standard port. I used to have lots of 'break-in
attempts' before I moved the ssh server to a different port.
Is
Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org writes:
Polytropon free...@edvax.de writes:
On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
I suspect that these sorts of attacks are fairly normal if you're
running ssh on the standard port. I used to have lots of 'break-in
Actually this looks like fairly normal white noise you can expect on a
public facing ssh server. There are a lot of bots out there, looking for
another box to own. If you're running PF put in something like the
following.
block in quick log from {BADGUYS}
.
.
.
pass in log on $ext_if proto
Lowell == Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org
writes:
Lowell Connecting from behind other people's paranoid firewalls gets difficult
Lowell on other ports.
That's why mine's on 443. Doubly useful when I want to connect to it
from behind an outbound web proxy. :)
--
On 22/10/2011 16:12, Polytropon wrote:
Is there _any_ reason why moving from port 22 to something
different is _not_ a solution?
Yes
Reason why I'm asking: Moving SSH away from its default port
seems to be a relatively good solution as break-in attempts
concentrate on default ports. So in case
Hello,
I have thousands of similar lines in my security log each day:
Jun 9 06:34:12 designaproduct sshd[58759]: reverse mapping checking
getaddrinfo for ev1s-67-15-10-78.ev1servers.net failed - POSSIBLE BREAKIN
ATTEMPT!
Is this something I need to fear?
Thanks,
Laszlo
Jun 9 06:34:12 designaproduct sshd[58759]: reverse mapping checking
getaddrinfo for ev1s-67-15-10-78.ev1servers.net failed - POSSIBLE
BREAKIN ATTEMPT!
Is this something I need to fear?
The short reply:
No, but that's something that the ISP ev1servers.net should clear up if
they don't want
for ev1s-67-15-10-78.ev1servers.net failed - POSSIBLE BREAKIN
ATTEMPT!
Is this something I need to fear?
Thanks,
Laszlo
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe
Hi,
I see these messages on my server:
What does this signify? Possible invasion?
Apr 27 12:56:46 ns23 sshd[80291]: reverse mapping checking getaddrinfo for
81-196-24-250.rdsnet.ro failed - POSSIBLE BREAKIN ATTEMPT!
Apr 27 12:56:46 ns23 sshd[80292]: reverse mapping checking getaddrinfo
@freebsd.org
Subject: security warning -- POSSIBLE BREAKIN ATTEMPT!
Hi,
I see these messages on my server:
What does this signify? Possible invasion?
Apr 27 12:56:46 ns23 sshd[80291]: reverse mapping checking
getaddrinfo for
81-196-24-250.rdsnet.ro failed - POSSIBLE BREAKIN ATTEMPT!
Apr 27 12
- POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for
206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for
206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN
:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for
206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for
206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:20
login failures:
Feb 5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for
206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for
206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN
On Mon, 06 Feb 2006 11:03:39 -0600
Kevin Kinsey [EMAIL PROTECTED] wrote:
1. edit /etc/ssh/sshd_config and make sure that only the right
users and such are allowed to login, and via the right methods.
2. If the situation allows, you can wrap sshd
via /etc/hosts.allow to only
report output...
gilmer.org login failures:
Feb 5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for
206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for
206-171-37-232
security report output...
gilmer.org login failures:
Feb 5 11:18:17 gilmer sshd[78078]: reverse mapping checking
getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE
BREAKIN ATTEMPT!
Feb 5 11:18:18 gilmer sshd[78080]: reverse mapping checking
getaddrinfo for 206-171-37-232
hit with several hundred of the
messages below per day in my security report output...
gilmer.org login failures:
Feb 5 11:18:17 gilmer sshd[78078]: reverse mapping checking
getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE
BREAKIN ATTEMPT!
Feb 5 11:18:18 gilmer sshd
dawnshade wrote:
On Tuesday 18 October 2005 21:19, Anthony Philipp wrote:
see man sshd_config for directive UseDNS or just block tcp/22 from not trusted
hosts.
Another helpful thing to do is to limit what users can connect through
SSH using the AllowUsers directive.
In your
On Tuesday 18 October 2005 21:19, Anthony Philipp wrote:
Hello,
In my daily emails from my box I noticed this:
Oct 17 16:13:03 lupin sshd[51861]: reverse mapping checking getaddrinfo for
211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
Oct 17 16:13:05 lupin sshd[51863]: reverse
Hello,
In my daily emails from my box I noticed this:
Oct 17 16:13:03 lupin sshd[51861]: reverse mapping checking getaddrinfo for
211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
Oct 17 16:13:05 lupin sshd[51863]: reverse mapping checking getaddrinfo for
211-234-119-139.kidc.net
Oct 17 16:13:43 lupin sshd[51883]: reverse mapping checking getaddrinfo for
211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
Oct 17 16:13:55 lupin sshd[51885]: reverse mapping checking getaddrinfo for
211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
Hummm, I may
42 matches