Date: Fri, 12 Jan 2007 14:39:02 -0800 From: Garrett Cooper <youshi10@u.washington.edu> To: freebsd-questions@freebsd.org Subject: Re: Please Help! How to STOP them... Message-ID: <45A80E06.8030405@u.washington.edu> In-Reply-To: <2cd0a0da0701121425r2db393b0n8f21289c0bd48970@mail.gmail.com> References: <2cd0a0da0701121343g7fa2535fv4a7b201f5a03aff2@mail.gmail.com> <01f401c73694$417d7830$0a0aa8c0@rivendell> <2cd0a0da0701121425r2db393b0n8f21289c0bd48970@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VeeJay wrote: > Thanks Reko.... > > Just couple of more questions... > > > On 1/12/07, Reko Turja <reko.turja@liukuma.net> wrote: >> >> From: "VeeJay" <maanjee@gmail.com> >> To: <maanjee@gmail.com>; "FreeBSD-Questions" >> <freebsd-questions@freebsd.org> >> Sent: Friday, January 12, 2007 11:43 PM >> Subject: Please Help! How to STOP them... >> >> >> >I am reading many hundred lines similar to below mentioned? >> > >> > Could you please advise me what to do and how can I make my box more >> > secure? >> > >> > Jan 9 17:54:42 localhost sshd[5130]: reverse mapping checking >> > getaddrinfo >> > for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed - >> > POSSIBLE >> > BREAK-IN ATTEMPT! >> > Jan 9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from >> > 218.189.179.83 >> >> It's basically just script kiddies trying to get in using some ready >> made user/password pairs. >> >> Lots of info covering this has been posted in these newsgroups >> previously, but some things you might consider >> >> Moving your sshd port somewhere else than 22 - the prepackaged >> "cracking" programs don't scan ports, just blindly try out the default >> port - with determined/skilled attacker it's different matter entirely >> though. > > > How to change the port from 22 to something other and in what range > should I > choose a number? > > > Use some kind of portblocker (lots in ports tree) which closes the >> port after predetermined number of attempts - or as an alternative, >> use PF to close the port for IP's in question after predetermined >> number of connection attempts in given time. > > > Can you suggest such port which I should install to block these attempts? > > Use key based authentication and stop using passwords altogether. > > > What do you mean here? > > Remember to keep ssh1 disabled as well as direct root access into ssh >> from the ssh config file. > > > How to disable SSH1 and How to stop direct root access into ssh, where to > change? > > -Reko Read man sshd_config. - -Garrett -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.1 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFqA4GEnKyINQw/HARAvRYAJ9f84lZRiAGAU66CtsvaSaKjvgHBwCfYnHY kQ04KF5kowf+AdX6SGF2Uic= =S546 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45A80E06.8030405>