Date:      Sun, 14 Jan 2007 15:39:30 +0100
From:      Erik Norgaard <norgaard@locolomo.org>
To:        VeeJay <maanjee@gmail.com>
Cc:        FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject:   Re: Please Help! How to STOP them...
Message-ID:  <45AA40A2.2000906@locolomo.org>
In-Reply-To: <2cd0a0da0701121343g7fa2535fv4a7b201f5a03aff2@mail.gmail.com>
References:  <2cd0a0da0701121343g7fa2535fv4a7b201f5a03aff2@mail.gmail.com>


VeeJay wrote:
> I am reading many hundred lines similar to below mentioned?
> 
> Could you please advise me what to do and how can I make my box more secure?
> 
> Jan  9 17:54:42 localhost sshd[5130]: reverse mapping checking getaddrinfo
> for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed - POSSIBLE
> BREAK-IN ATTEMPT!
> Jan  9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from
> 218.189.179.83
> 

Please, this is possibly the most frequently asked question not in the 
FAQ. Understand that whenever you make a service available on the 
internet, someone is going to try to break in. Be it ssh, smtp, dns, 
http etc. What you need to learn is to identify which attacks constitute 
a real threat to your system.

The first log entry is no sign of a break-in attempt. Just because a DNS 
server is misconfigured doesn't mean that people are trying to attack you.

The second line is evidence that some illicit events are recorded. But, 
there is no reason to worry about these if you have properly configured 
your box. Please search the archives for ssh brute force - this topic 
has been discussed a zillion times.

Some mention port knocking. This doesn't make people stop trying to get 
into your box. It introduces an extra hassle to do so, as you first have 
to knock on the port in a secret (but shared secret) sequence. Then you 
will authenticate as previously.

If you are troubled with messages in your log, there are plenty of 
ordinary things you can do:

- enforce key authentication
- restrict access to certain users or groups of users
- deny direct access as root
- enforce strong passwords, if you can't enforce key authentication
- limit the ip address space that is allowed to connect, to the space
   where you or your users are likely to be
- limit the number of simultaneous unauthenticated connections

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
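To make the distinction Erik draws concrete (reverse-DNS warnings are noise, repeated "Invalid user" and "Failed password" lines from one source are the brute force worth acting on), here is an added example that is not part of the original thread: a small triage script run over constructed sshd log lines. The first two lines reproduce the format quoted in the question; the rest, the host names, the addresses and the threshold of three failures are assumptions for illustration.

```python
"""Triage sshd syslog lines: separate reverse-DNS noise from login attempts.

Added example, not from the original post.  SAMPLE_LOG is constructed;
the patterns follow the wording of OpenSSH's sshd log messages.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
Jan  9 17:54:42 localhost sshd[5130]: reverse mapping checking getaddrinfo for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from 218.189.179.83
Jan  9 17:54:45 localhost sshd[5132]: Invalid user admin from 218.189.179.83
Jan  9 17:54:49 localhost sshd[5134]: Invalid user test from 218.189.179.83
Jan  9 17:55:03 localhost sshd[5136]: Failed password for root from 218.189.179.83 port 41022 ssh2
Jan  9 18:02:10 localhost sshd[5140]: reverse mapping checking getaddrinfo for laptop.example.net [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  9 18:02:11 localhost sshd[5140]: Accepted publickey for erik from 192.0.2.10 port 50122 ssh2
Jan  9 18:10:00 localhost sshd[5150]: Failed password for vj from 203.0.113.7 port 3301 ssh2
Jan  9 18:10:20 localhost sshd[5151]: Accepted password for vj from 203.0.113.7 port 3302 ssh2
"""

IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [
    # The client's PTR record does not match its forward lookup: a DNS
    # misconfiguration on their side, not evidence of an attack.
    ("dns_noise", re.compile(
        r"reverse mapping checking getaddrinfo for \S+ \[" + IPV4 + r"\] failed")),
    # Login attempts against accounts that do not exist: the brute-force signature.
    ("auth_failure", re.compile(r"Invalid user (?P<user>\S+) from " + IPV4)),
    # Wrong credential for an existing (or, on some versions, invalid) account.
    ("auth_failure", re.compile(
        r"Failed (?:password|publickey|keyboard-interactive/pam) for "
        r"(?:invalid user )?(?P<user>\S+) from " + IPV4)),
    ("accepted", re.compile(r"Accepted \S+ for (?P<user>\S+) from " + IPV4)),
]


def classify(line):
    """Return (kind, ip, user) for one log line; kind is 'other' if unmatched."""
    for kind, pattern in PATTERNS:
        match = pattern.search(line)
        if match:
            groups = match.groupdict()
            return kind, groups.get("ip"), groups.get("user")
    return "other", None, None


def triage(log_text, threshold=3):
    """Summarise a log: per-source counts and the sources worth acting on.

    A source becomes an offender at `threshold` authentication failures;
    reverse-DNS warnings are counted separately and never contribute.
    """
    failures, noise, accepted = Counter(), Counter(), []
    for line in log_text.splitlines():
        kind, ip, user = classify(line)
        if kind == "auth_failure":
            failures[ip] += 1
        elif kind == "dns_noise":
            noise[ip] += 1
        elif kind == "accepted":
            accepted.append((user, ip))
    offenders = sorted(ip for ip, n in failures.items() if n >= threshold)
    # A successful login from a source that was brute-forcing is the one
    # event in this log that would actually justify the panic.
    compromised = sorted({ip for _, ip in accepted if ip in offenders})
    return {"failures": failures, "noise": noise, "accepted": accepted,
            "offenders": offenders, "compromised": compromised}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, n in result["failures"].most_common():
        print(f"{ip}: {n} failed login(s), {result['noise'][ip]} reverse-DNS warning(s)")
    print("block candidates:", ", ".join(result["offenders"]) or "none")
    print("successful logins from offenders:", result["compromised"] or "none")
```

The `offenders` list is the natural input for a packet-filter table (for instance `pfctl -t bruteforce -T add <ip>` on a pf box), which is the mechanism the "limit the ip address space" and "limit the number of simultaneous unauthenticated connections" items lean on; the script deliberately never counts the reverse-mapping warning, so a legitimate user behind a broken PTR record, as for 192.0.2.10 in the sample, is not blocked.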

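The hardening list above maps almost one for one onto sshd_config keywords. As an added example that is not part of the original post, here is a checker that reads a constructed weak sshd_config and a constructed hardened one and reports which items of the list each fails to meet. Keyword defaults are OpenSSH's documented ones; the user names and address patterns in the hardened sample are assumptions, and "enforce strong passwords" is left out because it is a PAM or login.conf matter rather than an sshd_config setting.

```python
"""Audit an sshd_config against the hardening checklist in the message.

Added example, not from the original post.  sshd takes the first value
it sees for each keyword, which is what parse_sshd_config() mirrors;
Match blocks are deliberately not interpreted here.
"""
import re

# Constructed sample: a permissive sshd_config before hardening.
WEAK_CONFIG = """\
# sshd_config (constructed example of a weak setup)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

# Constructed sample: the same file after applying the checklist.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers erik@192.0.2.* vj@203.0.113.*
MaxStartups 3:50:10
"""


def parse_sshd_config(text):
    """Return {keyword: value} with keywords lowercased.

    Comments and blank lines are skipped, both 'Keyword value' and
    'Keyword=value' are accepted, and only the first occurrence of a
    keyword counts, as in sshd itself.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """Return a list of (finding_id, explanation) for checklist items not met."""
    cfg = parse_sshd_config(text)
    findings = []

    def val(key, default):
        return cfg.get(key, default).lower()

    # Enforce key authentication: password and keyboard-interactive logins
    # both default to 'yes', and both leave a brute-forcer something to guess.
    if val("passwordauthentication", "yes") != "no":
        findings.append(("password_auth", "PasswordAuthentication is not 'no'"))
    if (val("challengeresponseauthentication", "yes") != "no"
            and val("kbdinteractiveauthentication", "yes") != "no"):
        findings.append(("challenge_response",
                         "keyboard-interactive authentication still enabled"))
    if val("pubkeyauthentication", "yes") == "no":
        findings.append(("pubkey_disabled", "PubkeyAuthentication is 'no'"))

    # Restrict access to certain users or groups of users.
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append(("no_user_restriction", "no AllowUsers or AllowGroups"))

    # Deny direct access as root.  Old releases defaulted to 'yes'; newer
    # ones default to 'prohibit-password', which still admits root with a
    # key, so anything but an explicit 'no' is flagged.
    if val("permitrootlogin", "yes") != "no":
        findings.append(("root_login", "PermitRootLogin is not 'no'"))

    # Limit the source address space: sshd_config can express it with
    # user@host patterns in AllowUsers; otherwise it belongs in the packet filter.
    if "@" not in cfg.get("allowusers", ""):
        findings.append(("no_source_restriction",
                         "no user@host pattern in AllowUsers; restrict sources "
                         "there or in the packet filter"))

    # Limit the number of simultaneous unauthenticated connections.
    if "maxstartups" not in cfg:
        findings.append(("max_startups_default", "MaxStartups left at its default"))

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_sshd_config(text)
        print(f"{name}: {len(findings)} finding(s)")
        for fid, msg in findings:
            print(f"  {fid}: {msg}")
```

Run it against /etc/ssh/sshd_config by reading the file into `audit_sshd_config()`; an empty result means every keyword-level item on the list is in place, and the remaining items (strong passwords, and any source restriction done in pf rather than in AllowUsers) still have to be verified by hand.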
