Date: Wed, 11 Jan 2006 11:47:31 -0600 From: Kevin Kinsey <kdk@daleco.biz> To: Imran Imtiaz <imran@darkstar.thelakecity.com.pk> Cc: freebsd-questions@freebsd.org Subject: Re: is it an attack? Message-ID: <43C544B3.2040101@daleco.biz> In-Reply-To: <200601111627.k0BGRsQK092200@darkstar.thelakecity.com.pk> References: <200601111627.k0BGRsQK092200@darkstar.thelakecity.com.pk>
next in thread | previous in thread | raw e-mail | index | archive | help
Imran Imtiaz wrote: >I got the following messages is it really an attack attempt > >Jan 10 23:23:22 darkstar sshd[58484]: reverse mapping checking getaddrinfo >for 58.25-183.uio.satnet.net failed - POSSIBLE BREAKIN ATTEMPT! > > Might as well treat it like one. If you're in Pakistan, who in Ecuador should be ssh'ing to your computer? Of course, that's the problem ... maybe they aren't really in Ecuador.... Although /etc/hosts.allow recommends against it, I find it fairly useful to place tcpwrappers on sshd. At the very least, I can block overseas connections to a large extent. If I want an even more secure login, I restrict ssh logins to a specific host and "daisy chain" through a less-restrictively configured machine. You should also be tough with configuration (/etc/ssh/sshd_config) and consider using key-based authentication instead of passwords/ keyboard-interactive. HTH, Kevin Kinsey -- The two things that can get you into trouble quicker than anything else are fast women and slow horses.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43C544B3.2040101>