I can tell you what I do about these, which may not suit your situation
especially if this is on a high profile server, but if you are just
running FreeBSD for your own purposes I found this to be a great tool.
It's called BlockHosts and can be found here
http://www.aczoom.com/cms/blockhosts/
If you are on a high profile server however I wouldn't recommend this
because your hosts.allow file will fill up, otherwise you may want to
check it out.
Take care,
Michael
Oliver Fromme wrote:
Graham Menhennitt wrote:
> Christopher Hilton wrote:
> > If it's at all possible switch to using public keys for authentication
> > with ssh and disallow password authentication. This completely stops
> > the brute forcing attacks from filling up your periodic security mail.
> Are you sure about that? I only allow PublickeyAuthentication ssh2
> connections but I get lots of security mail messages like:
>
> Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
> Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Those are caused by different things. They're not caused
by wrong passwords, but by an illegal user name (first line)
or by non-matching reverse DNS (second line). These things
are checked even before any user keys are exchanged, so the
authentication method doesn't matter.
They can be safely ignored, because you're immune to
brute-force attacks. If you don't want to see them, a simple
"egrep -v ..." in /etc/periodic/security/800.loginfail will
do.
Best regards
Oliver
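
A filter of the kind suggested above, as an added example that is not part of the original thread or of FreeBSD's 800.loginfail script. The patterns, function names and all sample lines other than the two quoted in the thread are assumptions made for illustration. It drops only the two pre-authentication messages, lets real password failures through, and still counts the dropped probes per source address.

```shell
#!/bin/sh
# Added example. Sample log: first two lines are from the thread, the rest
# are constructed (192.0.2.x / 198.51.100.x are documentation addresses).
sample_log() {
cat <<'EOF'
Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Nov 16 01:45:02 maxwell sshd[70071]: Invalid user admin from 202.54.49.7
Nov 16 02:10:11 maxwell sshd[70102]: Failed password for root from 192.0.2.10 port 4022 ssh2
Nov 16 02:11:00 maxwell sshd[70103]: Failed password for invalid user test from 192.0.2.10 port 4023 ssh2
Nov 16 02:30:40 maxwell sshd[70140]: Accepted publickey for graham from 198.51.100.5 port 5000 ssh2
EOF
}

# Assumed patterns for the two pre-authentication messages. Anchoring on
# "sshd[pid]: " keeps "Failed password for invalid user ..." lines visible.
NOISE_RE='sshd\[[0-9]+\]: (Invalid user .* from |reverse mapping checking getaddrinfo for .* failed)'

# Drop the pre-auth noise; everything else passes through unchanged.
# (grep -E is the same matcher that egrep invokes.)
filter_sshd_noise() {
    grep -E -v "$NOISE_RE"
}

# Count the dropped "Invalid user" probes per source address, so the
# suppressed lines can still be reviewed in aggregate. Assumes the older
# sshd format in which the address is the last field on the line.
count_invalid_user_by_source() {
    grep -E 'sshd\[[0-9]+\]: Invalid user .* from ' |
        awk '{ n[$NF]++ } END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

echo "== kept after filtering =="
sample_log | filter_sshd_noise
echo "== dropped Invalid user probes per source =="
sample_log | count_invalid_user_by_source
```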