From: "VeeJay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "FreeBSD-Questions"
<freebsd-questions@freebsd.org>
Sent: Friday, January 12, 2007 11:43 PM
Subject: Please Help! How to STOP them...
I am reading many hundred lines similar to below mentioned?
Could you please advise me what to do and how can I make my box more
secure?
Jan 9 17:54:42 localhost sshd[5130]: reverse mapping checking
getaddrinfo
for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed -
POSSIBLE
BREAK-IN ATTEMPT!
Jan 9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from
218.189.179.83
It's basically just script kiddies trying to get in using some ready
made user/password pairs.
Lots of info covering this has been posted in these newsgroups
previously, but some things you might consider
Moving your sshd port somewhere else than 22 - the prepackaged
"cracking" programs don't scan ports, just blindly try out the default
port - with determined/skilled attacker it's different matter entirely
though.
Use some kind of portblocker (lots in ports tree) which closes the
port after predetermined number of attempts - or as an alternative,
use PF to close the port for IP's in question after predetermined
number of connection attempts in given time.
Use key based authentication and stop using passwords altogether.
Remember to keep ssh1 disabled as well as direct root access into ssh
from the ssh config file.
-Reko
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
