sshd BREAKIN ?

[fbsd_user]

What you are seeing is ssh doing it's job like its designed to do.
This is not anything you have to worry about.
If you don't want to see these messages in your auth.log then
change syslog.conf to only send critical messages to the log.

There are a few different ports in the FreeBSD ports collection
which address this problem by adding deny ip address rules to
your firewall. The denyhosts port is the most popular.
But this is just make busy work as it does not really provide
any greater security than ssh is providing it's self.

The facts of life is script kiddies and robots roll through ranges
of
ip address looking for open ssh ports and then mount a attack. There
is
nothing you can do about this except change the port
number ssh uses to some high port number.


Here is document to explain how to do that in detail.

http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.doc
s.software/books/ssh_how-to/cover.html



-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Tang Ho Yim
Sent: Thursday, March 30, 2006 10:49 PM
To: freebsd-questions at freebsd.org
Subject: sshd BREAKIN ?


I got a error messages from /var/log/auth.log which is about
sshd......

  .....sshd : reverse mapping checking getaddrinfo for
core-01.148.rdcw.com failed - POSSIBLE BREAKIN ATTEMPT !

  all my sshd_config is default setting except I have change to
"PasswordAuthentication NO , PermitEmptyPasswords NO , and
ChallengeResponseAuthentication NO"

  Is that I am being hack ?
  last command show who is login before but it seem ok....
  What should I do ?

  Thanks !


---------------------------------
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low
rates.
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"