Date: Mon, 6 Feb 2006 11:23:04 -0500
From: Brad Gilmer
To: freebsd-questions@freebsd.org
Subject: sshd possible breakin attempt messages
Message-ID: <20060206162304.GA83056@gilmer.org>

Hello all,

I guess one of the banes of our existence as Sys Admins is that people are always pounding away at our systems trying to break in. Lately, I have been getting hit with several hundred of the messages below per day in my security report output...

gilmer.org login failures:
Feb 5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!

I am running FreeBSD 5.4 RELEASE, and right now this box is not a production machine, but I am going to be taking it live fairly soon.

Questions:

1) Is there anything I should be doing to thwart this particular attack?

2) Given that I am on 5.4, should I upgrade my sshd or do anything else at this point to make sure my machine is as secure as possible?

3) (Meta-question) - Should I upgrade to 6.0 before I go live to be sure I am in the best possible security situation going forward? Should I wait until 6.1 for bug fixes (generally I am opposed to n.0 anything)?

Thanks
Brad
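
An added example, not part of the original message: one way to condense several hundred of these sshd lines into a per-hostname summary with a burst flag, run here over the three lines quoted above. The function names, the 60-second window, the threshold of 3 and the year (taken from the message date, since syslog lines carry none) are assumptions of this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines quoted in the message above (syslog format, no year field).
SAMPLE_LOG = """\
Feb 5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
Feb 5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
"""

# The hostname comes from the connecting address's PTR record, so it is chosen
# by whoever controls that reverse zone: treat it as untrusted text.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]:\s+"
    r"reverse mapping checking getaddrinfo for (?P<host>\S+) failed"
)

def parse(log_text, year=2006):
    """Yield (timestamp, hostname) for each reverse-mapping failure line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"]

def summarize(log_text, window=timedelta(seconds=60), threshold=3, year=2006):
    """Per hostname: count, first/last seen, and whether `threshold` hits fit in `window`."""
    seen = defaultdict(list)
    for ts, host in parse(log_text, year):
        seen[host].append(ts)
    report = {}
    for host, stamps in seen.items():
        stamps.sort()
        burst = any(
            stamps[i + threshold - 1] - stamps[i] <= window
            for i in range(len(stamps) - threshold + 1)
        )
        report[host] = {"count": len(stamps), "first": stamps[0],
                        "last": stamps[-1], "burst": burst}
    return report

if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(host, info["count"], info["first"], info["last"], info["burst"])
```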