From owner-freebsd-questions@FreeBSD.ORG  Fri Aug  6 13:26:12 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F191B16A4CE
	for <freebsd-questions@freebsd.org>;
	Fri,  6 Aug 2004 13:26:12 +0000 (GMT)
Received: from lakermmtao09.cox.net (lakermmtao09.cox.net [68.230.240.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3EC1843D31
	for <freebsd-questions@freebsd.org>;
	Fri,  6 Aug 2004 13:26:12 +0000 (GMT)
	(envelope-from jacoulter@jacoulter.net)
Received: from [68.105.58.150] by lakermmtao09.cox.net
          (InterMail vM.6.01.03.02.01 201-2131-111-104-103-20040709)
          with SMTP
          id <20040806132611.JJRP20883.lakermmtao09.cox.net@[68.105.58.150]>
          for <freebsd-questions@freebsd.org>;
          Fri, 6 Aug 2004 09:26:11 -0400
Received: by _HOSTNAME_ (sSMTP sendmail emulation);
	Fri,  6 Aug 2004 08:26:01 -0500
From: "James A. Coulter" <jacoulter@jacoulter.net>
Date: Fri, 6 Aug 2004 08:26:01 -0500
To: freebsd-questions@freebsd.org
Message-ID: <20040806132601.GA3043@sara.mshome.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Subject: Newbie Security Question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Aug 2004 13:26:13 -0000

I recently got my firewall up and configured (many thanks to JJB and everyone else for their help) and have been reading the daily security message from root with a great deal of interest.

My question is, when I see entries like this:

Aug  5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
+port 40515 ssh2
Aug  5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
+port 60426 ssh2
Aug  5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
+port 54447 ssh2
Aug  5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
+port 44460 ssh2

is it safe to assume someone has been trying to hack my system?

I did a whois search on the IP and it went to a provider in Colorado.

I'm asking because I'm curious - thanks again for everyone's help.

Jim C.