Please Help! How to STOP them...

Gerard Seibert gerard at
Fri Jan 12 22:51:19 UTC 2007

On Friday January 12, 2007 at 04:54:37 (PM) Reko Turja wrote:

> >I am reading many hundred lines similar to below mentioned?
> >
> > Could you please advise me what to do and how can I make my box more 
> > secure?
> >
> > Jan  9 17:54:42 localhost sshd[5130]: reverse mapping checking 
> > getaddrinfo
> > for [] failed - 
> > Jan  9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from
> >
> It's basically just script kiddies trying to get in using some ready 
> made user/password pairs.
> Lots of info covering this has been posted in these newsgroups 
> previously, but some things you might consider
> Moving your sshd port somewhere else than 22 - the prepackaged 
> "cracking" programs don't scan ports, just blindly try out the default 
> port - with determined/skilled attacker it's different matter entirely 
> though.

Security through Obscurity is not true security at all. You are simply
assuming that other ports are not being scanned.
> Use some kind of portblocker (lots in ports tree) which closes the 
> port after predetermined number of attempts - or as an alternative, 
> use PF to close the port for IP's in question after predetermined 
> number of connection attempts in given time.
> Use key based authentication and stop using passwords altogether.

A very secure method. I would recommend this along with making sure your
firewall is properly configured and all unnecessary ports closed, etc.
> Remember to keep ssh1 disabled as well as direct root access into ssh 
> from the ssh config file.


For GOOGLE (L)Users:  

"RAM Disk" is not an installation procedure.

More information about the freebsd-questions mailing list