Thank you Patrick. I don't receive that many of them. Maybe a dozen or
so since I've set up my server, which was a few years ago. Mostly with
the same IP but sometimes different IP as well. And all those I've
received so far were in the last few months.
They surprise me because on the firewall the sshd is forwarded from a
non-standard port (i.e. port 22 isn't open).
I am interested what security precaution FreeBSD is trying to do here.
Is the sshd server receiving an ssh login request from an IP, that can't
be resolved back to a domain in the reverse DNS (PTR) record for that IP?
On 18/07/2018 20:13, Patrick Proniewski wrote:
Hi,
You can ignore them totally (you should), and if you can't, make sure you limit
possibility of brute force attack on your sshd:
- configure a firewall to stop them
- and/or activate blacklistd on sshd
- and/or change listening port of sshd
I get thousands of these every day, won't kill you and not worth losing your
time.
On 18 juil. 2018, at 22:07, Grzegorz Junka <li...@gjunka.com> wrote:
Sometimes I am receiving messages like this from my server:
nas.myserver.mydomain.com login failures:
Jul 17 08:35:02 nas sshd[5994]: reverse mapping checking getaddrinfo for
162.132-254-62.static.virginmediabusiness.co.uk [62.254.132.162] failed -
POSSIBLE BREAK-IN ATTEMPT!
On different days they are from different IPs and they would-be mapped to
different reverse dns names. How to deal with those messages/attempts?
GrzegorzJ
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
