From owner-freebsd-questions@FreeBSD.ORG Wed Aug 24 16:00:24 2005
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2CC1516A41F
	for ; Wed, 24 Aug 2005 16:00:24 +0000 (GMT)
	(envelope-from apircalabu@bitdefender.com)
Received: from mail.bitdefender.com (ns.bitdefender.com [217.156.83.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C6BD543D48
	for ; Wed, 24 Aug 2005 16:00:22 +0000 (GMT)
	(envelope-from apircalabu@bitdefender.com)
Received: (qmail 32714 invoked by uid 1010); 24 Aug 2005 18:50:55 +0300
Received: from apircalabu.dsd.ro (10.10.15.22)
	by mail.bitdefender.com with AES256-SHA encrypted SMTP;
	24 Aug 2005 18:50:55 +0300
Date: Wed, 24 Aug 2005 19:02:34 +0300
From: Adi Pircalabu
To: ro ro
Message-ID: <20050824190234.71424709@apircalabu.dsd.ro>
In-Reply-To: <20050824042234.12260.qmail@web34103.mail.mud.yahoo.com>
References: <20050824042234.12260.qmail@web34103.mail.mud.yahoo.com>
Organization: BitDefender
X-Mailer: Sylpheed-Claws 1.9.13 (GTK+ 2.6.9; i386-portbld-freebsd5.4)
X-BitDefender-Scanner: Clean, Agent: BitDefender Qmail 1.6.2 on mail.bitdefender.com
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BitDefender-SpamStamp: 1.1.4 049000040111AAAAAAE
X-BitDefender-Spam: No (0)
Cc: freebsd-questions@freebsd.org
Subject: Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 24 Aug 2005 16:00:24 -0000

On Tue, 23 Aug 2005 21:22:34 -0700 (PDT)
ro ro wrote:

> I took the issue of creating a good firewall quite
> lightly and now I regret that decision.. now I have
> learnt...
> Can someone provide me with guidance on this
> issue and advise me on next steps to take action
> against such losers.
[...]
> Aug 23 08:19:03 free sshd[22519]: Illegal user lp from
> 210.0.142.153

You could restrict access to sshd on your system to trusted IPs only
using /etc/hosts.allow. It's very effective and simple for your specific
situation. man 5 hosts_access is a good start.

-- 
Adi Pircalabu (PGP Key ID 0x04329F5E)
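
The restriction suggested in the reply above, as an added example that is not part of the original message: the script tallies "Illegal user" sources from sshd log lines and builds the sshd rules for /etc/hosts.allow from a trusted list. The trusted addresses, the function names and all sample log lines except the first are assumptions made up for illustration; only IPv4 is handled.

```python
import ipaddress
import re
from collections import Counter

# Matches the sshd message format quoted in the thread:
#   "... sshd[22519]: Illegal user lp from 210.0.142.153"
ILLEGAL_USER = re.compile(
    r"sshd\[\d+\]: Illegal user (\S+) from (\d+\.\d+\.\d+\.\d+)")

def failed_sources(log_lines):
    """Count 'Illegal user' attempts per source address."""
    hits = Counter()
    for line in log_lines:
        m = ILLEGAL_USER.search(line)
        if m:
            hits[m.group(2)] += 1
    return hits

def hosts_allow_rules(trusted):
    """Build sshd rules for /etc/hosts.allow: allow trusted, deny the rest."""
    rules = []
    for entry in trusted:
        net = ipaddress.ip_network(entry)
        # hosts_access(5) net/mask form for networks, bare address for hosts
        client = (str(net.network_address) if net.prefixlen == 32
                  else f"{net.network_address}/{net.netmask}")
        rules.append(f"sshd : {client} : allow")
    rules.append("sshd : ALL : deny")  # first match wins, so this goes last
    return rules

def still_allowed(hits, trusted):
    """Sources from the log that the trusted list would still let in."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    return sorted(ip for ip in hits
                  if any(ipaddress.ip_address(ip) in n for n in nets))

# Constructed sample: the first line is from the thread, the rest are made up.
SAMPLE_LOG = [
    "Aug 23 08:19:03 free sshd[22519]: Illegal user lp from 210.0.142.153",
    "Aug 23 08:19:06 free sshd[22521]: Illegal user admin from 210.0.142.153",
    "Aug 23 09:02:11 free sshd[22607]: Illegal user test from 198.51.100.7",
    "Aug 23 09:05:40 free sshd[22611]: Accepted password for ro from 192.0.2.10",
]
TRUSTED = ["192.0.2.10", "203.0.113.0/24"]  # assumed trusted addresses

if __name__ == "__main__":
    for ip, n in failed_sources(SAMPLE_LOG).most_common():
        print(f"{n:3d} illegal-user attempts from {ip}")
    print("\n".join(hosts_allow_rules(TRUSTED)))
    print("still allowed:", still_allowed(failed_sources(SAMPLE_LOG), TRUSTED))
```

The stock FreeBSD /etc/hosts.allow starts with an "ALL : ALL : allow" rule, and because the first matching rule wins, the sshd rules have to be placed above that line (or the line removed) to take effect.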