Block IP

Oliver Fromme olli at
Fri Dec 22 00:06:26 PST 2006

Graham Menhennitt wrote:
 > Christopher Hilton wrote:
 > > If it's at all possible switch to using public keys for authentication
 > > with ssh and disallow password authentication. This completely stops
 > > the brute forcing attacks from filling up your periodic security mail.
 > Are you sure about that? I only allow PublickeyAuthentication ssh2
 > connections but I get lots of security mail messages like:
 > Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from
 > Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for failed - POSSIBLE BREAKIN ATTEMPT!

Those are caused by different things.  They're not caused
by wrong passwords, but by an illegal user name (first line)
or by non-matching reverse DNS (second line).  These things
are checked even before any user keys are exchanged, so the
authentication method doesn't matter.

They can be safely ignored, because you're immune to brute-force
attacks.  If you don't want to see them, a simple
"egrep -v ..." in /etc/periodic/security/800.loginfail will

Best regards

Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD:
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
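
Added example (not part of the original post and not FreeBSD's own periodic script): a filter of the kind the "egrep -v" suggestion above describes, which hides the two pre-authentication messages only when the sshd_config it is given explicitly disables password and challenge-response authentication. The function names, the sample log lines and the explicit-"no" requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Log lines and config are constructed.

# True only if the sshd_config at $1 explicitly turns off both password-style
# methods (first occurrence of a keyword wins, as in sshd). Requiring an
# explicit "no" is this example's conservative assumption.
passwords_disabled() {
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1); val = tolower($2) }
        key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
        key == "passwordauthentication" && !sp++ { p = val }
        key == "kbdinteractiveauthentication" && !sk++ { k = val }
        END { exit !(p == "no" && k == "no") }
    ' "$1"
}

# Filters sshd log lines from stdin. The two pre-authentication messages are
# dropped only when $1 shows passwords are off; otherwise nothing is hidden.
filter_loginfail() {
    if passwords_disabled "$1"; then
        grep -Ev 'sshd\[[0-9]+\]: (Invalid user |reverse mapping checking getaddrinfo for .* POSSIBLE BREAKIN ATTEMPT!)' ||
            [ $? -eq 1 ]   # grep exits 1 when every line was filtered out
    else
        cat
    fi
}

# Constructed sample input (192.0.2.0/24 is a documentation range).
sample_log() {
    cat <<'EOF'
Nov 16 01:44:08 host sshd[70067]: Invalid user marcos from 192.0.2.10
Nov 16 01:44:23 host sshd[70067]: reverse mapping checking getaddrinfo for a.example failed - POSSIBLE BREAKIN ATTEMPT!
Nov 16 01:45:02 host sshd[70070]: Failed password for root from 192.0.2.10 port 4022 ssh2
EOF
}

# Demo: with both methods explicitly off, only the third line is printed.
conf=$(mktemp)
printf 'PasswordAuthentication no\nChallengeResponseAuthentication no\n' > "$conf"
sample_log | filter_loginfail "$conf"
rm -f "$conf"
```

Any sshd line other than the two pre-authentication messages, such as a "Failed password" entry, still reaches the security mail.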

More information about the freebsd-stable mailing list