is it an attack?

Kevin Kinsey kdk at daleco.biz
Wed Jan 11 09:49:02 PST 2006


Imran Imtiaz wrote:

>I got the following messages. Is it really an attack attempt?
>
>Jan 10 23:23:22 darkstar sshd[58484]: reverse mapping checking getaddrinfo 
>for 58.25-183.uio.satnet.net failed - POSSIBLE BREAKIN ATTEMPT!
>  
>

Might as well treat it like one.  If you're in Pakistan, who in
Ecuador should be ssh'ing to your computer?  Of course,
that's the problem ... maybe they aren't really in Ecuador....

Although /etc/hosts.allow recommends against it, I find it
fairly useful to place tcpwrappers on sshd.  At the very least,
I can block overseas connections to a large extent.

If I want an even more secure login, I restrict ssh logins to a specific
host and "daisy chain" through a less-restrictively configured machine.

You should also be tough with configuration (/etc/ssh/sshd_config)
and consider using key-based authentication instead of passwords/
keyboard-interactive.

HTH,

Kevin Kinsey

-- 
The two things that can get you into trouble
quicker than anything else are fast women and slow horses.
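
An added example, not part of the message above: a small shell audit of the sshd_config settings the reply points at (passwords and keyboard-interactive off, key-based logins on). The function names and the sample config are constructed for illustration, and requiring an explicit "no" is this example's own policy assumption.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd_config for the
# authentication settings the reply recommends.

# Print the first global value for a keyword (sshd uses the first value it
# obtains), or "unset". $1 is a lowercase regex so aliases can be grouped.
sshd_value() {   # usage: sshd_value KEYWORD_REGEX FILE
    awk -v want="^($1)\$" '
        { gsub(/=/, " ") }                        # accept "Keyword=value"
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blanks
        tolower($1) == "match" { exit }           # stop at the first Match block
        tolower($1) ~ want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Report settings that still allow password-style logins.
# Policy assumption: each must be explicitly "no" rather than left to a default.
audit_sshd() {   # usage: audit_sshd FILE ; returns 1 if anything is flagged
    rc=0
    for kw in 'passwordauthentication' \
              'kbdinteractiveauthentication|challengeresponseauthentication'; do
        v=$(sshd_value "$kw" "$1")
        [ "$v" = "no" ] || { echo "WEAK: $kw = $v (want no)"; rc=1; }
    done
    v=$(sshd_value 'pubkeyauthentication' "$1")
    [ "$v" != "no" ] || { echo "WEAK: pubkeyauthentication = no (want yes)"; rc=1; }
    return "$rc"
}

# Constructed sample config, for demonstration only.
sample_config() {
    cat <<'EOF'
# constructed example
PasswordAuthentication yes
ChallengeResponseAuthentication no
passwordauthentication no
Match Address 192.0.2.0/24
    PubkeyAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "review the findings above"
rm -f "$tmp"
```

The later `passwordauthentication no` in the sample does not help, because only the first value counts; settings inside Match blocks are not evaluated by this sketch.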



