Date:      Mon, 6 Feb 2006 11:23:04 -0500
From:      Brad Gilmer <bgilmer@gilmer.org>
To:        freebsd-questions@freebsd.org
Subject:   sshd possible breakin attempt messages
Message-ID:  <20060206162304.GA83056@gilmer.org>

Hello all,

I guess one of the banes of our existence as Sys Admins is that people are always pounding away at our systems trying to break in.  Lately, I have been getting hit with several hundred of the messages below per day in my security report output...

gilmer.org login failures:
Feb  5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!

I am running FreeBSD 5.4 RELEASE, and right now this box is not a production machine, but I am going to be taking it live fairly soon.  Questions:

1)  Is there anything I should be doing to thwart this particular attack?
2)  Given that I am on 5.4, should I upgrade my sshd or do anything else at this point to make sure my machine is as secure as possible?
3)  (Meta-question) - Should I upgrade to 6.0 before I go live to be sure I am in the best possible security situation going forward?  Should I wait until 6.1 for bug fixes (generally I am opposed to n.0 anything)?

Thanks
Brad
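
Added example, not part of the original message: sshd writes this warning when the connecting address has a reverse (PTR) name but looking that name up again with getaddrinfo fails. The Python sketch below groups such report lines by the unresolved name and marks names that retry in quick succession. The 60-second window, the threshold of 3, the year default and the last two sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line format as quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"reverse mapping checking getaddrinfo for (?P<name>\S+) failed"
    r" - POSSIBLE BREAKIN ATTEMPT!"
)

# First three lines are from the message; the last two are constructed
# (host.example.net and 192.0.2.10 are placeholders).
SAMPLE = """\
Feb  5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb  5 11:20:00 gilmer sshd[78090]: Failed password for invalid user test from 192.0.2.10 port 4022 ssh2
Feb  5 12:01:44 gilmer sshd[78101]: reverse mapping checking getaddrinfo for host.example.net failed - POSSIBLE BREAKIN ATTEMPT!
""".splitlines()

def parse(lines, year=2006):
    """Yield (timestamp, name) per warning; syslog omits the year, so it is passed in."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["name"]

def summarise(lines, window=timedelta(seconds=60), burst=3):
    """Per name: hit count, first/last seen, and whether `burst` hits fit in `window`."""
    seen = defaultdict(list)
    for ts, name in parse(lines):
        seen[name].append(ts)
    report = {}
    for name, stamps in seen.items():
        stamps.sort()
        # Slide over sorted timestamps: any `burst` consecutive hits inside the window?
        bursty = any(stamps[i + burst - 1] - stamps[i] <= window
                     for i in range(len(stamps) - burst + 1))
        report[name] = {"count": len(stamps), "first": stamps[0],
                        "last": stamps[-1], "burst": bursty}
    return report

if __name__ == "__main__":
    for name, info in sorted(summarise(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        flag = "BURST" if info["burst"] else "-"
        print(f"{info['count']:4d}  {flag:5s}  {info['first']:%b %d %H:%M:%S}  {name}")
```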


