bsdannounce at gmail.com
Fri Dec 22 19:18:42 PST 2006
I can tell you what I do about these, which may not suit your situation
especially if this is on a high profile server, but if you are just
running FreeBSD for your own purposes I found this to be a great tool.
It's called BlockHosts and can be found here
If you are on a high profile server, however, I wouldn't recommend this
because your hosts.allow file will fill up; otherwise you may want to
check it out.
Oliver Fromme wrote:
> Graham Menhennitt wrote:
> > Christopher Hilton wrote:
> > > If it's at all possible switch to using public keys for authentication
> > > with ssh and disallow password authentication. This completely stops
> > > the brute forcing attacks from filling up your periodic security mail.
> > Are you sure about that? I only allow PublickeyAuthentication ssh2
> > connections but I get lots of security mail messages like:
> > Nov 16 01:44:08 maxwell sshd: Invalid user marcos from 22.214.171.124
> > Nov 16 01:44:23 maxwell sshd: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
> Those are caused by different things. They're not caused
> by wrong passwords, but by an illegal user name (first line)
> or by non-matching reverse DNS (second line). These things
> are checked even before any user keys are exchanged, so the
> authentication method doesn't matter.
> They can be safely ignored, because you're immune to
> brute-force attacks. If you don't want to see them, a simple
> "egrep -v ..." in /etc/periodic/security/800.loginfail will
> Best regards
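
The filtering idea from the quoted reply, as an added example that is not part of the original messages and is not the contents of 800.loginfail: it drops the two pre-authentication message types while keeping other sshd failures, and condenses the "Invalid user" probes to a per-source count. The pattern, function names and log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the format quoted in the thread. Host names and
# addresses are documentation placeholders, not values from the original post.
sample_log() {
cat <<'EOF'
Nov 16 01:44:08 maxwell sshd: Invalid user marcos from 192.0.2.10
Nov 16 01:44:23 maxwell sshd: reverse mapping checking getaddrinfo for host.example.net failed - POSSIBLE BREAKIN ATTEMPT!
Nov 16 01:45:02 maxwell sshd: Invalid user test from 192.0.2.10
Nov 16 01:46:11 maxwell sshd: Failed password for root from 198.51.100.7 port 4022 ssh2
Nov 16 01:47:30 maxwell sshd: Invalid user admin from 203.0.113.5
EOF
}

# Assumed pattern for the two pre-authentication messages discussed above.
# "sshd.*: " also matches the "sshd[pid]: " form.
PREAUTH_NOISE='sshd.*: (Invalid user |reverse mapping checking )'

# Drop the pre-auth noise and keep everything else, so a real password
# failure still shows up if password authentication is ever re-enabled.
filter_noise() {
    grep -E -v "$PREAUTH_NOISE"
}

# Rather than discarding the probes outright, reduce them to one line per
# source: "<count> <address>", busiest source first. The address is taken
# as the word following the last "from" on the line.
summarise_invalid_users() {
    awk '/sshd.*: Invalid user / {
             ip = ""
             for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
             if (ip != "") n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Stand-alone demonstration on the constructed sample.
echo "Lines kept after filtering:"
sample_log | filter_noise
echo "Invalid-user probes per source:"
sample_log | summarise_invalid_users
```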