Hacker Scans - Advice requested
Morten Liebach
m at mongers.org
Sun Aug 8 02:01:30 PDT 2004
On 2004-08-08 06:16:19 +0100, Mike Bruce wrote:
> Please can you help me?
>
> I am getting increasingly plagued by this message in my security log on
> my V4 installations of FreeBSD
>
> 06:48:53 mail sshd[18617]: Failed password for illegal user admin from
> 210.3.4.71 port 39741 ssh2 Aug 7
You're far from alone. Eg. see:
http://www.securityfocus.com/archive/75/371086/2004-08-05/2004-08-11/1
> Is there any way that this can be prevented without impairing the
> services provided by the operating system.
I only allow publickey/skey logins, so I felt pretty safe, but got tired
of looking at the logs, so I moved the sshd to a random high port. Then
you can append something like this to ~/.ssh/config:
Host short
Hostname short.verylongdomainname-or-impossibletorememberIP.tld
Port 43462
User your-mom
Now you can just do 'ssh short' and it'll use the right portnumber and
username and dnsname (it could bbe an IP address too).
Or, as another poster said, just firewall it away, or even use a
combination.
Have a nice day
Morten
--
http://m.mongers.org/ -- http://gallery.zentience.org/
__END__
More information about the freebsd-questions
mailing list