sshd possible breakin attempt messages
Nigel (Merv) Hughes
merv at merv.org.uk
Tue Feb 7 01:13:09 PST 2006
I don't know much about the nuts and bolts of FreeBSD or Security, but I
recently had the same problem as you. I found that the Denyhosts port
(http://denyhosts.sourceforge.net/index.html) fixed the problem very well.
The non-standard, hosts.evil, set-up works best with the FreeBSD hosts.allow
format. You end up with a hosts.allow that looks a bit like this:
# Denyhost Cron Job checks the logs and adds
# the bad IPs to hosts.evil
ALL: /usr/local/etc/hosts.evil : deny
# Trust everyone until the logs say they tried a bad thing.
ALL : ALL : allow
The FAQs on the website are very good and the Denyhosts' config file is well
commented so the set-up and install is very easy.
I hope this helps.
On Monday 06 February 2006 16:23, Brad Gilmer wrote:
> Hello all,
> I guess one of the banes of our existence as Sys Admins is that people are
> always pounding away at our systems trying to break in. Lately, I have
> been getting hit with several hundred of the messages below per day in my
> security report output...
> gilmer.org login failures:
> Feb 5 11:18:17 gilmer sshd: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
> Feb 5 11:18:18 gilmer sshd: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
> Feb 5 11:18:20 gilmer sshd: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
> I am running FreeBSD 5.4 RELEASE, and right now this box is not a
> production machine, but I am going to be taking it live fairly soon.
> 1) Is there anything I should be doing to thwart this particular attack?
> 2) Given that I am on 5.4, should I upgrade my sshd or do anything else at
> this point to make sure my machine is as secure as possible?
> 3) (Meta-question) - Should I upgrade to 6.0 before I go live to be sure I am
> in the best possible security situation going forward? Should I wait until
> 6.1 for bug fixes (generally I am opposed to n.0 anything).
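The log-to-hosts.evil step described in the reply above, sketched as an added example (not DenyHosts' code and not part of the original messages): it counts failed sshd password attempts per source address and returns the addresses that would be appended to /usr/local/etc/hosts.evil. The sample log lines, the threshold of 3 and the function names are assumptions made for the illustration; the reverse-mapping message is tallied separately because on its own it only reports a DNS mismatch.

```python
import re
from collections import Counter

# Constructed sample in the usual sshd syslog layout (documentation-range IPs).
SAMPLE_LOG = """\
Feb  5 11:18:17 host sshd[411]: reverse mapping checking getaddrinfo for a.example.net [203.0.113.7] failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:18 host sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Feb  5 11:18:20 host sshd[413]: Failed password for invalid user test from 203.0.113.7 port 4031 ssh2
Feb  5 11:18:22 host sshd[415]: Failed password for root from 203.0.113.7 port 4040 ssh2
Feb  5 12:01:02 host sshd[502]: reverse mapping checking getaddrinfo for b.example.net [203.0.113.99] failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 12:01:09 host sshd[504]: reverse mapping checking getaddrinfo for b.example.net [203.0.113.99] failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 12:01:15 host sshd[506]: reverse mapping checking getaddrinfo for b.example.net [203.0.113.99] failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 13:30:00 host sshd[611]: Failed password for alice from 198.51.100.20 port 5100 ssh2
Feb  5 14:00:01 host sshd[700]: Failed password for root from 192.0.2.10 port 6000 ssh2
Feb  5 14:00:03 host sshd[702]: Failed password for root from 192.0.2.10 port 6001 ssh2
Feb  5 14:00:05 host sshd[704]: Failed password for root from 192.0.2.10 port 6002 ssh2
"""

# The user name is remote-controlled text, so match greedily and anchor at the
# end of the line: only the final "from ADDR port N" was written by sshd itself.
AUTH_FAIL = re.compile(r"sshd(?:\[\d+\])?: Failed password for .* from (\S+) port \d+(?: ssh2)?$")
RDNS_FAIL = re.compile(r"sshd(?:\[\d+\])?: reverse mapping checking getaddrinfo for \S+ \[([^\]]+)\] failed")

def tally(log_text):
    """Return (auth_failures, rdns_mismatches) as per-address Counters."""
    auth, rdns = Counter(), Counter()
    for line in log_text.splitlines():
        m = AUTH_FAIL.search(line)
        if m:
            auth[m.group(1)] += 1
            continue
        m = RDNS_FAIL.search(line)
        if m:
            rdns[m.group(1)] += 1
    return auth, rdns

def new_evil_entries(log_text, listed=(), never_block=(), threshold=3):
    """Addresses with >= threshold failed logins, minus known and exempt ones."""
    auth, _ = tally(log_text)
    skip = set(listed) | set(never_block)
    return sorted(ip for ip, n in auth.items() if n >= threshold and ip not in skip)

if __name__ == "__main__":
    # One address per line, ready to append to the hosts.evil file.
    for ip in new_evil_entries(SAMPLE_LOG, never_block={"192.0.2.10"}):
        print(ip)
```

Passing your own management addresses in `never_block` keeps a few mistyped passwords from locking you out of the box.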