ipfw: getsockopt(blaaaaaah) Is your kernel configured for firewall work? Check LINT for options.
As well you should be able to use tcpwrappers, look in /etc/hosts.allow. You could add a deny for this 'persons' ip addy denying him/her/it access to your sshd daemon. NOTE: It is 'normally not a good idea' to do this, but if you don't want to rebuild with a firewall configured kernel it will suffice. Hope this helps. R. On Tue, 4 Mar 2003, Phillip Smith (mailing list) wrote: > > I found this in my logs and I'm wondering if this is a hacking attempt? > Should I be concerned? > > Also, if/when I see these, I'd like to add them to a blocked list using > /sbin/ipfw, but get the following message when trying this command: > > # /sbin/ipfw add 1 deny all from 151.204.100.88:255.255.255.255 to any > ipfw: getsockopt(IP_FW_ADD): Protocol not available > > > freedom.domain.com login failures: > Mar 2 11:38:33 freedom sshd[47912]: Failed none for illegal user test > from 64.21.10.2 > port 36747 ssh2 > Mar 2 11:38:33 freedom sshd[47912]: Failed publickey for illegal user > test from > 64.21.10.2 port 36747 ssh2 > Mar 2 11:38:34 freedom sshd[47912]: Failed keyboard-interactive for > illegal user test > from 64.21.10.2 port 36747 ssh2 > Mar 2 11:38:34 freedom sshd[47912]: Failed password for illegal user > test from > 64.21.10.2 port 36747 ssh2 > Mar 2 11:38:34 freedom sshd[47912]: Failed password for illegal user > test from > 64.21.10.2 port 36747 ssh2 > Mar 2 11:38:37 freedom sshd[47913]: Failed none for illegal user oracle > from 64.21.10.2 > port 36984 ssh2 > Mar 2 11:38:38 freedom sshd[47913]: Failed publickey for illegal user > oracle from > 64.21.10.2 port 36984 ssh2 > Mar 2 11:38:38 freedom sshd[47913]: Failed keyboard-interactive for > illegal user oracle > from 64.21.10.2 port 36984 ssh2 > Mar 2 11:38:38 freedom sshd[47913]: Failed password for illegal user > oracle from > 64.21.10.2 port 36984 ssh2 > Mar 2 11:38:38 freedom sshd[47913]: Failed password for illegal user > oracle from > 64.21.10.2 port 36984 ssh2 > Mar 2 11:38:41 freedom sshd[47914]: Failed none for illegal user guest > from 64.21.10.2 > port 37171 ssh2 > Mar 2 11:38:41 freedom sshd[47914]: Failed publickey for illegal user > guest from > 64.21.10.2 port 37171 ssh2 > Mar 2 11:38:41 freedom sshd[47914]: Failed keyboard-interactive for > illegal user guest > from 64.21.10.2 port 37171 ssh2 > Mar 2 11:38:41 freedom sshd[47914]: Failed password for illegal user > guest from > 64.21.10.2 port 37171 ssh2 > Mar 2 11:38:41 freedom sshd[47914]: Failed password for illegal user > guest from > 64.21.10.2 port 37171 ssh2 > Mar 2 11:38:44 freedom sshd[47915]: Failed password for ROOT from > 64.21.10.2 port 37187 > ssh2 > Mar 2 11:38:45 freedom sshd[47915]: Failed password for ROOT from > 64.21.10.2 port 37187 > ssh2 > Mar 2 11:38:48 freedom sshd[47916]: Failed password for nobody from > 64.21.10.2 port > 37211 ssh2 > Mar 2 11:38:48 freedom sshd[47916]: Failed password for nobody from > 64.21.10.2 port > 37211 ssh2 > Mar 2 11:38:52 freedom sshd[47917]: Failed password for games from > 64.21.10.2 port > 37215 ssh2 > Mar 2 11:38:52 freedom sshd[47917]: Failed password for games from > 64.21.10.2 port > 37215 ssh2 > Mar 2 11:38:56 freedom sshd[47918]: Failed none for illegal user user > from 64.21.10.2 > port 37217 ssh2 > Mar 2 11:38:56 freedom sshd[47918]: Failed publickey for illegal user > user from > 64.21.10.2 port 37217 ssh2 > Mar 2 11:38:56 freedom sshd[47918]: Failed keyboard-interactive for > illegal user user > from 64.21.10.2 port 37217 ssh2 > Mar 2 11:38:56 freedom sshd[47918]: Failed password for illegal user > user from > 64.21.10.2 port 37217 ssh2 > Mar 2 11:38:56 freedom sshd[47918]: Failed password for illegal user > user from > 64.21.10.2 port 37217 ssh2 > Mar 2 11:38:59 freedom sshd[47919]: Failed password for ROOT from > 64.21.10.2 port 37218 > ssh2 > Mar 2 11:38:59 freedom sshd[47919]: Failed password for ROOT from > 64.21.10.2 port 37218 > > > -- > Phillip > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
