From: Garrett Cooper
Date: Fri, 12 Jan 2007 14:39:02 -0800
To: freebsd-questions@freebsd.org
Subject: Re: Please Help! How to STOP them...
Message-ID: <45A80E06.8030405@u.washington.edu>

VeeJay wrote:
> Thanks Reko....
>
> Just couple of more questions...
>
> On 1/12/07, Reko Turja wrote:
>>
>> From: "VeeJay"
>> To: ; "FreeBSD-Questions"
>> Sent: Friday, January 12, 2007 11:43 PM
>> Subject: Please Help! How to STOP them...
>>
>> > I am reading many hundred lines similar to below mentioned?
>> >
>> > Could you please advise me what to do and how can I make my box more
>> > secure?
>> >
>> > Jan 9 17:54:42 localhost sshd[5130]: reverse mapping checking getaddrinfo for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed - POSSIBLE BREAK-IN ATTEMPT!
>> > Jan 9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from 218.189.179.83
>>
>> It's basically just script kiddies trying to get in using some ready
>> made user/password pairs.
>>
>> Lots of info covering this has been posted in these newsgroups
>> previously, but some things you might consider
>>
>> Moving your sshd port somewhere else than 22 - the prepackaged
>> "cracking" programs don't scan ports, just blindly try out the default
>> port - with determined/skilled attacker it's different matter entirely
>> though.
>
> How to change the port from 22 to something other and in what range
> should I choose a number?
>
>> Use some kind of portblocker (lots in ports tree) which closes the
>> port after predetermined number of attempts - or as an alternative,
>> use PF to close the port for IP's in question after predetermined
>> number of connection attempts in given time.
>
> Can you suggest such port which I should install to block these attempts?
>
>> Use key based authentication and stop using passwords altogether.
>
> What do you mean here?
>
>> Remember to keep ssh1 disabled as well as direct root access into ssh
>> from the ssh config file.
>
> How to disable SSH1 and How to stop direct root access into ssh, where to
> change?
>
>> -Reko

Read man sshd_config.

-Garrett
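
The "predetermined number of attempts in given time" rule that Reko describes can be seen by counting "Invalid user" lines per source address in a sliding time window. This is an added example, not part of the original message and not the code of any port in the ports tree; the function name, the thresholds, the assumed log year and every log line other than the two quoted in the thread are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the sshd "Invalid user" line format quoted in the thread.
FAILURE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user \S+ from (?P<ip>\S+)")

# Constructed sample: the first two lines are the ones quoted in the thread,
# the rest are made up (192.0.2.10 and 198.51.100.7 are documentation addresses).
SAMPLE_LOG = """\
Jan  9 17:54:42 localhost sshd[5130]: reverse mapping checking getaddrinfo for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from 218.189.179.83
Jan  9 17:54:45 localhost sshd[5133]: Invalid user test from 218.189.179.83
Jan  9 17:54:48 localhost sshd[5136]: Invalid user guest from 218.189.179.83
Jan  9 17:54:51 localhost sshd[5139]: Invalid user admin from 218.189.179.83
Jan  9 17:54:54 localhost sshd[5142]: Invalid user oracle from 218.189.179.83
Jan  9 18:00:00 localhost sshd[5200]: Invalid user bob from 192.0.2.10
Jan  9 18:02:10 localhost sshd[5207]: Invalid user ftp from 198.51.100.7
Jan  9 18:05:00 localhost sshd[5210]: Invalid user bob from 192.0.2.10
Jan  9 18:10:00 localhost sshd[5220]: Invalid user bob from 192.0.2.10
Jan  9 18:12:30 localhost sshd[5225]: Invalid user www from 198.51.100.7
"""

def offenders(log_text, max_attempts=5, window=timedelta(seconds=60), year=2007):
    """Return {ip: time the threshold was first reached} for each source that
    logged max_attempts invalid-user lines within `window`.

    Syslog timestamps carry no year, so `year` is an assumption supplied by
    the caller; lines are expected in chronological order, as in a log file.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:                 # reverse-mapping warnings etc. are not counted
            continue
        when = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        seen = recent[m["ip"]]
        seen.append(when)
        while when - seen[0] > window:   # drop attempts that aged out
            seen.popleft()
        if len(seen) >= max_attempts and m["ip"] not in flagged:
            flagged[m["ip"]] = when
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```

With the default threshold only the fast scanner is reported; a slow source such as 192.0.2.10 stays under it unless the window is widened, which is why the thread also recommends key-based authentication instead of relying on blocking alone.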