From owner-freebsd-questions@FreeBSD.ORG  Fri Jan 12 21:48:05 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B824616A407
	for <freebsd-questions@freebsd.org>;
	Fri, 12 Jan 2007 21:48:05 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from mx00.pub.collaborativefusion.com
	(mx00.pub.collaborativefusion.com [206.210.89.199])
	by mx1.freebsd.org (Postfix) with ESMTP id 67D9F13C44B
	for <freebsd-questions@freebsd.org>;
	Fri, 12 Jan 2007 21:48:05 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from vanquish.pgh.priv.collaborativefusion.com
	(vanquish.pgh.priv.collaborativefusion.com [192.168.2.61])
	(SSL: TLSv1/SSLv3,256bits,AES256-SHA)
	by wingspan with esmtp; Fri, 12 Jan 2007 16:48:04 -0500
	id 00056425.45A80214.000113F1
Date: Fri, 12 Jan 2007 16:48:04 -0500
From: Bill Moran <wmoran@collaborativefusion.com>
To: VeeJay <maanjee@gmail.com>
Message-Id: <20070112164804.c1130071.wmoran@collaborativefusion.com>
In-Reply-To: <2cd0a0da0701121343g7fa2535fv4a7b201f5a03aff2@mail.gmail.com>
References: <2cd0a0da0701121343g7fa2535fv4a7b201f5a03aff2@mail.gmail.com>
Organization: Collaborative Fusion
X-Mailer: Sylpheed 2.3.0 (GTK+ 2.10.6; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject: Re: Please Help! How to STOP them...
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2007 21:48:05 -0000

In response to VeeJay <maanjee@gmail.com>:

> I am reading many hundred lines similar to below mentioned?
> 
> Could you please advise me what to do and how can I make my box more secure?
> 
> Jan  9 17:54:42 localhost sshd[5130]: reverse mapping checking getaddrinfo
> for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed - POSSIBLE
> BREAK-IN ATTEMPT!
> Jan  9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from
> 218.189.179.83

Somebody is trying to break in to your system:

In order to stop the messages, disconnect the system from the Internet,
the attacker will then be unable to reach it.

There are, however, less drastic workarounds.  An exercise with google will
turn up a number of programs that will reduce the problem to a manageable
level.  This topic comes up about once a week on this list alone.

-- 
Bill Moran
Collaborative Fusion Inc.