Block IP
security
security at jim-liesl.org
Fri Dec 22 23:19:54 PST 2006
Oliver Fromme wrote:
> Graham Menhennitt wrote:
> > Christopher Hilton wrote:
> > > If it's at all possible switch to using public keys for authentication
> > > with ssh and disallow password authentication. This completely stops
> > > the brute forcing attacks from filling up your periodic security mail.
> > Are you sure about that? I only allow PublickeyAuthentication ssh2
> > connections but I get lots of security mail messages like:
> >
> > Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
> > Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
>
> Those are caused by different things. They're not caused
> by wrong passwords, but by an illegal user name (first line)
> or by non-matching reverse DNS (second line). These things
> are checked even bevore any user keys are exchanged, so the
> authentication method doesn't matter.
>
> They can be savely ignored, because you're immune to brute-
> force attacks. If you don't want to see them, a simple
> "egrep -v ..." in /etc/periodic/security/800.loginfail will
> do.
>
> Best regards
> Oliver
>
>
I can't remember but has anyone mentioned "blocksshd"? it's in
ports/security. I still prefer locking down to public key only, but
blocksshd is nice.
More information about the freebsd-stable
mailing list