From owner-freebsd-questions@FreeBSD.ORG  Tue Feb  8 16:01:13 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 58C1016A4CE
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Feb 2005 16:01:13 +0000 (GMT)
Received: from smtp03.mrf.mail.rcn.net (smtp03.mrf.mail.rcn.net
	[207.172.4.62])	by mx1.FreeBSD.org (Postfix) with ESMTP id 0164843D5A
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Feb 2005 16:01:13 +0000 (GMT)
	(envelope-from crzdgns1@starpower.net)
Received: from ms07.mrf.mail.rcn.net ([207.172.4.13])
	by smtp03.mrf.mail.rcn.net with esmtp (Exim 3.35 #7)
	id 1CyXnb-0006tw-00
	for freebsd-questions@freebsd.org; Tue, 08 Feb 2005 11:01:11 -0500
Received: from 128.231.88.3
	by ms07.mrf.mail.rcn.net (MOS 3.5.6-GR)
	with HTTP/1.1;
	Tue, 8 Feb 2005 11:01:11 -0500
Date: Tue, 8 Feb 2005 11:01:11 -0500
From: <crzdgns1@starpower.net>
To: freebsd-questions@freebsd.org
X-Mailer: Mirapoint Webmail Direct 3.5.6-GR
MIME-Version: 1.0
Message-Id: <c5ead59.cb785457.81e0700@ms07.mrf.mail.rcn.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Newbie Security Concerns
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Feb 2005 16:01:13 -0000

Hello,

I am a new user of UNIX and FreeBSD and have never had to do any 
administration or security configuration myself before.  I am running 
IP Firewall on FreeBSD-5.3-RELEASE.  Last night I was checking my 
logs and discovered  that sshd reported many illegal users.  Does 
that mean my system i compromised?  As configured, there are only 
three accounts on my system, root, toor, and one user account for 
me.  I suppose you need more information from me, but am not sure 
what to provide.  Any help would be greatly appreciated.

Thanks

Mark