help - under attack

[edgar]

You aren't providing nearly enough information. Is the firewall a separate machine? Obviously it isn't working or the rules aren't as strict as you think they are. If you can't change it's rules. Run pf on your machine. Or disable sshd if it's not needed. If it is use keys and disable password logins.   
  
  
  

  
  
  
  
  
>   
> On Oct 1, 2017 at 10:34 AM,  <Ernie Luzar>  wrote:
>   
>   
>  Matthias Apitz wrote:  >  El día domingo, octubre 01, 2017 a las 11:18:14a. m. -0400, Ernie Luzar escribió:  >   >>  Hello list;  >>   >>  Installed 11.1 from scratch and after about 2-3 weeks I finally got  >>  around to inspecting the /var/logs. I have never seen the auth.log file  >>  roll over before, so this peaked my interest. It was full of failed  >>  login attempts. My firewall blocks all inbound traffic, so I am very  >>  baffled be what I see in the log. Any suggestions on how this can be  >>  happening?  >>   >>  Sep 29 03:09:14 fbsd sshd[33675]: Connection closed by 149.202.179.216  >>  port 48876 [preauth]  >>  ...  >   >  If you have a firewall (about which you have not said anything), how can  >  SYN-SYN-ACK happen on port 22?  >   >  matthias My post says "My firewall blocks all inbound traffic". The login error messages do not say it on port 22. That inbound port is blocked by the firewall. All pc on the lan are powered off. Even disconnected the lan cable from the freebsd gateway host and still the error messages come out. That is why I am asking for help here. _______________________________________________ freebsd-questions at freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"  
>