Date:      Wed, 18 Jul 2018 22:13:22 +0200
From:      Patrick Proniewski <patpro@patpro.net>
To:        Grzegorz Junka <list1@gjunka.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Possible break-in attempt?
Message-ID:  <368EABCF-A10A-49E9-9473-7753F6BEAA50@patpro.net>
In-Reply-To: <594ba84b-0691-8471-4bd4-076d0ae3da98@gjunka.com>
References:  <594ba84b-0691-8471-4bd4-076d0ae3da98@gjunka.com>

Hi,

You can ignore them totally (you should), and if you can't, make sure you limit the possibility of a brute-force attack on your sshd:
- configure a firewall to stop them
- and/or activate blacklistd on sshd
- and/or change listening port of sshd 

I get thousands of these every day; they won't kill you and are not worth losing your time over.

> On 18 Jul. 2018, at 22:07, Grzegorz Junka <list1@gjunka.com> wrote:
> 
> Sometimes I am receiving messages like this from my server:
> 
> nas.myserver.mydomain.com login failures:
> Jul 17 08:35:02 nas sshd[5994]: reverse mapping checking getaddrinfo for 162.132-254-62.static.virginmediabusiness.co.uk [62.254.132.162] failed - POSSIBLE BREAK-IN ATTEMPT!
> 
> On different days they are from different IPs and they would be mapped to different reverse DNS names. How to deal with those messages/attempts?
> 
> GrzegorzJ
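
One way to check whether these warnings are scattered scanner noise or repeats from a single address that would justify a firewall rule or blacklistd, as an added example that is not part of the original e-mail. The sample log lines are constructed (documentation addresses and made-up hostnames) and the `threshold` value is an assumption:

```python
import re
from collections import Counter

# Matches the sshd warning quoted in the message: the hostname is the PTR
# name that failed forward confirmation, the bracketed value is the peer IP.
WARN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: reverse mapping checking "
    r"getaddrinfo for (?P<ptr>\S+) \[(?P<ip>[0-9a-fA-F.:]+)\] failed"
)

# Constructed sample lines, not real log data.
SAMPLE_LOG = """\
Jul 17 08:35:02 nas sshd[5994]: reverse mapping checking getaddrinfo for host-a.example.net [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 17 08:35:09 nas sshd[5996]: Invalid user admin from 192.0.2.10 port 40112
Jul 17 08:35:11 nas sshd[5998]: reverse mapping checking getaddrinfo for host-a.example.net [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 17 09:02:40 nas sshd[6101]: reverse mapping checking getaddrinfo for host-b.example.org [198.51.100.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 17 09:10:00 nas sshd[6120]: Accepted publickey for user1 from 203.0.113.5 port 51000 ssh2
Jul 18 01:15:27 nas sshd[7002]: reverse mapping checking getaddrinfo for host-a.example.net [192.0.2.10] failed - POSSIBLE BREAK-IN ATTEMPT!
"""


def summarize(log_text, threshold=3):
    """Count reverse-mapping warnings per source IP.

    Returns (counts, offenders): counts is a Counter keyed by IP, offenders
    is the sorted list of IPs with at least `threshold` warnings.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = WARN.match(line)
        if m:  # other sshd lines (accepted logins, invalid users) are skipped
            counts[m.group("ip")] += 1
    offenders = sorted(ip for ip, n in counts.items() if n >= threshold)
    return counts, offenders


if __name__ == "__main__":
    counts, offenders = summarize(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip:15} {n} warning(s)")
    print("at or above threshold:", ", ".join(offenders) or "none")
```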
