Please Help! How to STOP them...
Erik Norgaard
norgaard at locolomo.org
Sun Jan 14 15:15:43 UTC 2007
VeeJay wrote:
> I am reading many hundred lines similar to below mentioned?
>
> Could you please advise me what to do and how can I make my box more secure?
>
> Jan 9 17:54:42 localhost sshd[5130]: reverse mapping checking getaddrinfo
> for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed - POSSIBLE
> BREAK-IN ATTEMPT!
> Jan 9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from
> 218.189.179.83
>

Please, this is possibly the most frequently asked question not in the
FAQ. Understand that whenever you make a service available on the
internet, someone is going to try to break in. Be it ssh, smtp, dns,
http etc. What you need to learn is to identify which attacks constitute
a real threat to your system.

The first log entry is no sign of break in attempt. Just because a DNS
server is misconfigured doesn't mean that people are trying to attack you.

The second line is evidence that some illicit events are recorded. But,
there is no reason to worry about these if you have properly configured
your box. Please search the archives for ssh brute force - this topic
has been discussed a zillion times.

Some mention port knocking. This doesn't make people stop trying to get
into your box. It introduces an extra hassle to do so as you first have
to knock on the port a secret (but shared secret) sequence. Then you
will authenticate as previously.

If you are troubled with messages in your log, there are plenty of
ordinary things you can do:

- enforce key authentication
- restrict access to certain users or groups of users
- deny direct access as root
- enforce strong passwords, if you can't enforce key authentication
- limit the IP address space that is allowed to connect, to the space
  where you or your users are likely to be
- limit the number of simultaneous unauthenticated connections

Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
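
Added example, not part of the message above or of any project's code: a Python script that audits the global section of an sshd_config against four items from the list (key authentication, user/group restriction, no direct root login, a limit on unauthenticated connections). The sample configuration and the function names are constructed for illustration; the IP address restriction is not checked.

```python
# Constructed sample sshd_config, not taken from the thread.
SAMPLE = """\
# constructed sample
PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication no
AllowGroups sshusers
MaxStartups 10:30:60
Match Address 192.0.2.0/24
    X11Forwarding no
"""

def global_settings(text):
    """Return {keyword: value} for the lines before the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":
            break                           # Match blocks are conditional; only globals are audited
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(keyword, value) # sshd uses the first value obtained for a keyword
    return settings

def audit(text):
    """Map each checked hardening item to True/False; an unset keyword counts as a failure."""
    s = global_settings(text)
    # Keyboard-interactive (PAM) logins can still accept passwords, so both must be off.
    kbd = s.get("kbdinteractiveauthentication",
                s.get("challengeresponseauthentication"))
    return {
        "key authentication enforced":
            s.get("passwordauthentication") == "no" and kbd == "no",
        "access restricted to users/groups":
            "allowusers" in s or "allowgroups" in s,
        "direct root login denied": s.get("permitrootlogin") == "no",
        "unauthenticated connections limited": "maxstartups" in s,
    }

if __name__ == "__main__":
    for item, ok in audit(SAMPLE).items():
        print(("ok   " if ok else "FAIL ") + item)
```

The sample fails the first check on purpose: password authentication is off, but keyboard-interactive authentication is never explicitly disabled.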
More information about the freebsd-questions
mailing list