Block IP
Michael
bsdannounce at gmail.com
Fri Dec 22 19:18:42 PST 2006
I can tell you what I do about these, which may not suit your situation
especially if this is on a high profile server, but if you are just
running FreeBSD for your own purposes I found this to be a great tool.
It's called BlockHosts and can be found here
http://www.aczoom.com/cms/blockhosts/
If you are on a high profile server however I wouldn't recommend this
because your hosts.allow file will fill up, otherwise you may want to
check it out.
Take care,
Michael
Oliver Fromme wrote:
> Graham Menhennitt wrote:
> > Christopher Hilton wrote:
> > > If it's at all possible switch to using public keys for authentication
> > > with ssh and disallow password authentication. This completely stops
> > > the brute forcing attacks from filling up your periodic security mail.
> > Are you sure about that? I only allow PublickeyAuthentication ssh2
> > connections but I get lots of security mail messages like:
> >
> > Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
> > Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
>
> Those are caused by different things. They're not caused
> by wrong passwords, but by an illegal user name (first line)
> or by non-matching reverse DNS (second line). These things
> are checked even bevore any user keys are exchanged, so the
> authentication method doesn't matter.
>
> They can be savely ignored, because you're immune to brute-
> force attacks. If you don't want to see them, a simple
> "egrep -v ..." in /etc/periodic/security/800.loginfail will
> do.
>
> Best regards
> Oliver
>
>
More information about the freebsd-stable
mailing list