Date:      Wed, 4 Oct 2017 13:08:04 +0100
From:      krad <kraduk@gmail.com>
To:        Ernie Luzar <luzar722@gmail.com>
Cc:        Matthias Apitz <guru@unixarea.de>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: help - under attack
Message-ID:  <CALfReyen14hbp_NK_urgYXbWbyi=63j-6oBTHC2-E4E%2BK6gO-Q@mail.gmail.com>
In-Reply-To: <59D10B0C.1010702@gmail.com>
References:  <59D10736.2070504@gmail.com> <20171001152637.GA60730@c720-r314251> <59D10B0C.1010702@gmail.com>

Post the ruleset. If you are dual-homed, make sure sshd is bound to the
internal NIC only. If you have to go on the public side, disable
password-based auth and just use keys. Do those things and the community
can maybe help you go forward.

On 1 October 2017 at 16:34, Ernie Luzar <luzar722@gmail.com> wrote:

> Matthias Apitz wrote:
>
>> On Sunday, October 01, 2017 at 11:18:14 a.m. -0400, Ernie Luzar
>> wrote:
>>
>> Hello list;
>>>
>>> Installed 11.1 from scratch and after about 2-3 weeks I finally got
>>> around to inspecting the /var/logs. I have never seen the auth.log file
>>> roll over before, so this piqued my interest. It was full of failed login
>>> attempts. My firewall blocks all inbound traffic, so I am very baffled by
>>> what I see in the log. Any suggestions on how this can be happening?
>>>
>>> Sep 29 03:09:14 fbsd sshd[33675]: Connection closed by 149.202.179.216
>>> port 48876 [preauth]
>>> ...
>>>
>>
>> If you have a firewall (about which you have not said anything), how can
>> SYN-SYN-ACK happen on port 22?
>>
>>         matthias
>>
>
> My post says "My firewall blocks all inbound traffic". The login error
> messages do not say it on port 22. That inbound port is blocked by the
> firewall. All pc on the lan are powered off. Even disconnected the lan
> cable from the freebsd gateway host and still the error messages come out.
> That is why I am asking for help here.
>
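
The two checks suggested in the reply above (sshd listening only on the internal address, password logins off), as an added example that is not part of the original thread: a shell function that reads effective settings in the `keyword value` form printed by `sshd -T`. The address 192.168.1.1 and both sample inputs are constructed; treating keyboard-interactive as password-based is an assumption of this example.

```shell
#!/bin/sh
# audit_sshd WANT_ADDR  -- reads `sshd -T` style lines on stdin.
# Prints one FAIL line per problem, or OK; returns non-zero on any FAIL.
audit_sshd() {
    awk -v want="$1" '
        function fail(msg) { print "FAIL " msg; bad = 1 }
        $1 == "listenaddress" {
            addr = $2
            sub(/:[0-9]+$/, "", addr)   # drop the :port suffix
            gsub(/^\[|\]$/, "", addr)   # drop [] around IPv6 literals
            seen = 1
            if (addr != want) fail("listening on " $2 ", expected only " want)
        }
        $1 == "passwordauthentication" && $2 != "no" {
            fail("PasswordAuthentication is " $2)
        }
        # Assumption: keyboard-interactive (PAM) can also prompt for a password.
        ($1 == "kbdinteractiveauthentication" ||
         $1 == "challengeresponseauthentication") && $2 != "no" {
            fail($1 " is " $2)
        }
        $1 == "pubkeyauthentication" && $2 != "yes" {
            fail("PubkeyAuthentication is " $2)
        }
        END {
            if (!seen) fail("no listenaddress line in input")
            if (!bad) print "OK"
            exit bad + 0
        }
    '
}

# Constructed sample: sshd on every interface with password logins allowed.
sample_exposed() {
    printf '%s\n' 'listenaddress 0.0.0.0:22' 'listenaddress [::]:22' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no' \
        'pubkeyauthentication yes'
}

# Constructed sample: sshd on the internal address only, keys only.
sample_hardened() {
    printf '%s\n' 'listenaddress 192.168.1.1:22' \
        'passwordauthentication no' 'kbdinteractiveauthentication no' \
        'pubkeyauthentication yes'
}

echo "exposed:";  sample_exposed  | audit_sshd 192.168.1.1 || true
echo "hardened:"; sample_hardened | audit_sshd 192.168.1.1
```

On a live host the input would come from `sshd -T` run as root, piped into `audit_sshd` with the internal interface's address as the argument.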


