From owner-freebsd-questions@FreeBSD.ORG  Wed Mar  2 07:46:50 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7535016A4CE
	for <freebsd-questions@freebsd.org>;
	Wed,  2 Mar 2005 07:46:50 +0000 (GMT)
Received: from ns.mccme.ru (ns.mccme.ru [62.117.108.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8A7AF43D49
	for <freebsd-questions@freebsd.org>;
	Wed,  2 Mar 2005 07:46:48 +0000 (GMT)	(envelope-from emin@mccme.ru)
Received: from mccme.ru (IDENT:root@mccme.ru [62.117.108.7])
	by ns.mccme.ru (8.12.10/8.12.10) with ESMTP id j227rEGt075451;
	Wed, 2 Mar 2005 10:53:14 +0300 (MSK)
	(envelope-from emin@mccme.ru)
Received: from mccme.ru (IDENT:emin@localhost.mccme.ru [127.0.0.1])
	by mccme.ru (8.9.3/8.9.3) with SMTP id KAA24444;
	Wed, 2 Mar 2005 10:46:59 +0300
Date: Wed, 2 Mar 2005 10:46:59 +0300
From: "Eugene M. Minkovskii" <emin@mccme.ru>
To: Stevan Tiefert <stevan@rot-1.de>
Message-ID: <20050302074659.GA22958@mccme.ru>
References: <20050302075507.P23359@mail.rot-1.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20050302075507.P23359@mail.rot-1.de>
User-Agent: Mutt/1.4.2.1i
Organization: MCCME Moscow
X-DCC-meer-Metrics: ns.mccme.ru 1086; Body=2 Fuz1=2 Fuz2=2
X-MCCME-Spam: No, score=0.039 required=5 tests=AWL
cc: freebsd-questions@freebsd.org
Subject: Re: sshd
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2005 07:46:50 -0000

On Wed, Mar 02, 2005 at 08:00:13AM +0100, Stevan Tiefert wrote:
" Hello list,
" 
" when I am watching the /var/log/auth.log I see many missed logins from
" IP-addresses I never tried to login from. Am I right that they is a hacker
" trying to login on my mashine, because he was using loginnames I never
" created on my mashine like patrick, lydia, green, admin, and so on...?
" 
" With regards
" Stevan Tiefert

It seems to you are right. If you know that you go to you mashine
only from one or two IP, you can write it in your firewall. For
example, if you use ipfw:

ext_if=rl0
trusted_ip=1.2.3.4,3.4.2.1
ipfw add allow tcp from $trusted_ip to me ssh in recv $ext_if
ipfw add allow tcp from me ssh to $trusted_ip out xmit $ext_if

Or something else.


" _______________________________________________
" freebsd-questions@freebsd.org mailing list
" http://lists.freebsd.org/mailman/listinfo/freebsd-questions
" To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

-- 
Sensory  yours, Eugene  Minkovskii
Сенсорно ваш,   Евгений Миньковский