From: "fbsd_user"
To: "Tang Ho Yim"
Date: Fri, 31 Mar 2006 10:34:33 -0500
Subject: RE: sshd BREAKIN ?
In-Reply-To: <20060331034841.1387.qmail@web35812.mail.mud.yahoo.com>
Reply-To: fbsd_user@a1poweruser.com

What you are seeing is ssh doing its job like it's designed to do. This is not anything you have to worry about. If you don't want to see these messages in your auth.log then change syslog.conf to only send critical messages to the log.

There are a few different ports in the FreeBSD ports collection which address this problem by adding deny IP address rules to your firewall. The denyhosts port is the most popular.
But this is just make-busy work, as it does not really provide any greater security than ssh is providing itself.

The fact of life is that script kiddies and robots roll through ranges of IP addresses looking for open ssh ports and then mount an attack. There is nothing you can do about this except change the port number ssh uses to some high port number. Here is a document that explains how to do that in detail.

http://elibrary.fultus.com/technical/index.jsp?topic=/com.fultus.docs.software/books/ssh_how-to/cover.html

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Tang Ho Yim
Sent: Thursday, March 30, 2006 10:49 PM
To: freebsd-questions@freebsd.org
Subject: sshd BREAKIN ?

I got an error message from /var/log/auth.log which is about sshd......

.....sshd : reverse mapping checking getaddrinfo for core-01.148.rdcw.com failed - POSSIBLE BREAKIN ATTEMPT !

All my sshd_config is default settings except I have changed to "PasswordAuthentication NO , PermitEmptyPasswords NO , and ChallengeResponseAuthentication NO"

Is it that I am being hacked? The last command shows who logged in before, but it seems OK....

What should I do?

Thanks!
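
Added example, not part of either message in this thread: a Python script that separates the reverse-mapping warning quoted above from rejected attempts and accepted logins in auth.log, which is the distinction the question turns on. The sample log lines, addresses, hostnames and the known_users allow-list are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample auth.log lines (documentation addresses and example
# hostnames; not taken from the thread).
SAMPLE_LOG = """\
Mar 30 22:41:07 host sshd[812]: reverse mapping checking getaddrinfo for scan.example.net failed - POSSIBLE BREAKIN ATTEMPT!
Mar 30 22:41:08 host sshd[812]: Invalid user test from 192.0.2.10
Mar 30 22:41:09 host sshd[815]: Failed password for invalid user admin from 192.0.2.10 port 4242 ssh2
Mar 30 22:41:11 host sshd[818]: Failed password for root from 192.0.2.10 port 4250 ssh2
Mar 30 22:55:30 host sshd[901]: reverse mapping checking getaddrinfo for dsl-7.example.org [198.51.100.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 30 22:55:31 host sshd[901]: Accepted publickey for alice from 198.51.100.7 port 50022 ssh2
"""

# sshd logs this when the name from the client's PTR record cannot be resolved
# forward again. Some releases also print "[ip]" and spell it BREAK-IN.
REVERSE = re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo for "
                     r"(\S+)(?: \[([0-9a-fA-F.:]+)\])? failed - POSSIBLE BREAK-?IN ATTEMPT")
FAILED = re.compile(r"sshd\[\d+\]: (?:Failed \S+ for (?:invalid user )?\S+ from (\S+)"
                    r"|(?:Invalid|Illegal) user \S+ from (\S+))")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")

def triage(log_text):
    """Split sshd events into DNS warnings, rejected attempts and real logins."""
    report = {"reverse_mapping": Counter(), "rejected": Counter(), "accepted": []}
    for line in log_text.splitlines():
        if m := REVERSE.search(line):
            report["reverse_mapping"][m.group(1)] += 1
        elif m := FAILED.search(line):
            report["rejected"][m.group(1) or m.group(2)] += 1
        elif m := ACCEPTED.search(line):
            method, user, src = m.groups()
            report["accepted"].append((user, method, src))
    return report

def unexpected_logins(report, known_users):
    """Accepted sessions for accounts outside the admin's allow-list: the
    entries that deserve investigation, unlike the DNS warnings."""
    return [a for a in report["accepted"] if a[0] not in known_users]

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("reverse-mapping warnings:", dict(r["reverse_mapping"]))
    print("rejected attempts by source:", dict(r["rejected"]))
    print("accepted logins:", r["accepted"])
    print("unexpected:", unexpected_logins(r, known_users={"alice"}))
```

The "accepted" list is the part to compare against the output of last; the reverse-mapping count only says how many clients had inconsistent DNS.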