Block IP

Oliver Fromme olli at lurza.secnetix.de
Fri Dec 22 00:06:26 PST 2006


Graham Menhennitt wrote:
 > Christopher Hilton wrote:
 > > If it's at all possible switch to using public keys for authentication
 > > with ssh and disallow password authentication. This completely stops
 > > the brute forcing attacks from filling up your periodic security mail.
 > Are you sure about that? I only allow PublickeyAuthentication ssh2
 > connections but I get lots of security mail messages like:
 > 
 > Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
 > Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!

Those are caused by different things.  They're not caused
by wrong passwords, but by an illegal user name (first line)
or by non-matching reverse DNS (second line).  These things
are checked even before any user keys are exchanged, so the
authentication method doesn't matter.

They can be safely ignored, because you're immune to brute-force
attacks.  If you don't want to see them, a simple
"egrep -v ..." in /etc/periodic/security/800.loginfail will
do.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
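
One way such a filter could look, as an added example that is not part of the original message or of FreeBSD's periodic scripts. The pattern, the function names and sample lines 3-5 are assumptions constructed for illustration. The pattern is kept narrow so that any other sshd failure message still reaches the security mail.

```shell
#!/bin/sh
# Added example. Sample lines 1-2 are the ones quoted in the thread;
# lines 3-5 are constructed (192.0.2.10 is a documentation address).
sample_log() {
    cat <<'EOF'
Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Nov 16 01:45:02 maxwell sshd[70071]: Invalid user test from 192.0.2.10
Nov 16 01:45:09 maxwell sshd[70073]: Invalid user admin from 192.0.2.10
Nov 16 02:10:11 maxwell sshd[70102]: Failed password for root from 192.0.2.10 port 4022 ssh2
EOF
}

# Hypothetical pattern: matches only the two pre-authentication messages
# discussed above. Anchoring on "sshd[pid]: " means a line such as
# "Failed password ..." is never swallowed by the filter.
NOISE='sshd\[[0-9]+\]: (Invalid user [^ ]+ from |reverse mapping checking getaddrinfo for .* failed - POSSIBLE BREAKIN ATTEMPT!)'

# Lines that should still appear in the report.
filter_noise() { grep -Ev "$NOISE"; }

# Number of lines the filter hides, so the volume is not lost entirely.
count_noise() { grep -Ec "$NOISE"; }

# Per-source tally of "Invalid user" probes. Assumes the address is the
# last field, as in the log format quoted in the thread.
noise_by_source() {
    grep -E 'sshd\[[0-9]+\]: Invalid user [^ ]+ from ' |
        awk '{ n[$NF]++ } END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

echo "== still reported =="
sample_log | filter_noise
echo "== suppressed: $(sample_log | count_noise) lines; invalid-user probes by source =="
sample_log | noise_by_source
```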


More information about the freebsd-stable mailing list