These attacks are almost exclusively automated, looking to install a script to launch spam runs from. They're essentially trying common username and weak password combinations - blank password, passwords the same as the user name, abc123, etc.

There are four things you can do to improve the security of sshd:

1. Move sshd to listen on a different port. This will not protect against a concerted attack, though.

2. Check for weak passwords. John the Ripper can help out with that. pam_passwdqc(8) can help you enforce strong passwords.

3. Integrate an automated log monitoring system that looks for *successful* logins, since those are really what you're worried about anyway. This can be difficult to manage if you have a lot of regular shell users.

4. Keep up-to-date with security patches and advisories. Attacking your system through password guessing is much harder than using a vulnerability in sshd or some other service.

I have a security guide for FreeBSD at: http://www.syslog.org/Content-5-4.phtml

Jerry
http://www.syslog.org

> Would someone mind briefly talking about securing FBSD systems from
> such attacks, at least in a manner that's a bit more extensive and
> detailed than just saying "use Snort"? I'm not a newbie to FBSD, but
> I'm not a *NIX guru either. I'd really appreciate your help.
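
As an added illustration of point 3 in the reply above (not part of the original message), this sketch reports every successful sshd login and flags the ones whose source address failed several times first. The log lines are constructed samples in OpenSSH's syslog format; the function name and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the syslog format sshd writes (e.g. /var/log/auth.log).
SAMPLE_LOG = """\
Mar 12 03:14:01 host sshd[801]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Mar 12 03:14:03 host sshd[803]: Failed password for invalid user admin from 203.0.113.5 port 40118 ssh2
Mar 12 03:14:05 host sshd[805]: Failed password for guest from 203.0.113.5 port 40121 ssh2
Mar 12 03:14:09 host sshd[809]: Accepted password for guest from 203.0.113.5 port 40130 ssh2
Mar 12 08:30:44 host sshd[912]: Failed password for alice from 198.51.100.7 port 51200 ssh2
Mar 12 08:30:51 host sshd[912]: Accepted password for alice from 198.51.100.7 port 51200 ssh2
Mar 12 09:02:10 host sshd[950]: Accepted publickey for bob from 192.0.2.10 port 52011 ssh2
"""

# The user name is chosen by the client, so it is matched greedily: the
# address is always taken from the LAST " from <ip> port <n> ssh2" on the line.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2"
)

def successful_logins(lines, fail_threshold=3):
    """Return every accepted login, marked suspicious when the source
    address had at least fail_threshold failed attempts before it."""
    failures = Counter()
    report = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        report.append({
            "user": m["user"], "ip": ip, "method": m["method"],
            "prior_failures": failures[ip],
            "suspicious": failures[ip] >= fail_threshold,
        })
    return report

if __name__ == "__main__":
    for e in successful_logins(SAMPLE_LOG.splitlines()):
        flag = "ALERT" if e["suspicious"] else "ok"
        print(f'{flag:5} {e["user"]:6} {e["ip"]:15} {e["method"]:9} '
              f'after {e["prior_failures"]} failures')
```

Listing all accepted logins, not only the flagged ones, keeps the report useful when a guessed password succeeds on the first try.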