From owner-freebsd-questions@FreeBSD.ORG Wed Mar 2 07:46:50 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7535016A4CE for ; Wed, 2 Mar 2005 07:46:50 +0000 (GMT) Received: from ns.mccme.ru (ns.mccme.ru [62.117.108.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8A7AF43D49 for ; Wed, 2 Mar 2005 07:46:48 +0000 (GMT) (envelope-from emin@mccme.ru) Received: from mccme.ru (IDENT:root@mccme.ru [62.117.108.7]) by ns.mccme.ru (8.12.10/8.12.10) with ESMTP id j227rEGt075451; Wed, 2 Mar 2005 10:53:14 +0300 (MSK) (envelope-from emin@mccme.ru) Received: from mccme.ru (IDENT:emin@localhost.mccme.ru [127.0.0.1]) by mccme.ru (8.9.3/8.9.3) with SMTP id KAA24444; Wed, 2 Mar 2005 10:46:59 +0300 Date: Wed, 2 Mar 2005 10:46:59 +0300 From: "Eugene M. Minkovskii" To: Stevan Tiefert Message-ID: <20050302074659.GA22958@mccme.ru> References: <20050302075507.P23359@mail.rot-1.de> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20050302075507.P23359@mail.rot-1.de> User-Agent: Mutt/1.4.2.1i Organization: MCCME Moscow X-DCC-meer-Metrics: ns.mccme.ru 1086; Body=2 Fuz1=2 Fuz2=2 X-MCCME-Spam: No, score=0.039 required=5 tests=AWL cc: freebsd-questions@freebsd.org Subject: Re: sshd X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2005 07:46:50 -0000 On Wed, Mar 02, 2005 at 08:00:13AM +0100, Stevan Tiefert wrote: " Hello list, " " when I am watching the /var/log/auth.log I see many missed logins from " IP-addresses I never tried to login from. Am I right that they is a hacker " trying to login on my mashine, because he was using loginnames I never " created on my mashine like patrick, lydia, green, admin, and so on...? " " With regards " Stevan Tiefert It seems to you are right. If you know that you go to you mashine only from one or two IP, you can write it in your firewall. For example, if you use ipfw: ext_if=rl0 trusted_ip=1.2.3.4,3.4.2.1 ipfw add allow tcp from $trusted_ip to me ssh in recv $ext_if ipfw add allow tcp from me ssh to $trusted_ip out xmit $ext_if Or something else. " _______________________________________________ " freebsd-questions@freebsd.org mailing list " http://lists.freebsd.org/mailman/listinfo/freebsd-questions " To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- Sensory yours, Eugene Minkovskii Сенсорно ваш, Евгений Миньковский