From owner-freebsd-questions@freebsd.org Sun Oct 1 15:38:58 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68BBAE27A95 for ; Sun, 1 Oct 2017 15:38:58 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3094B6421B for ; Sun, 1 Oct 2017 15:38:58 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: by mail-it0-x22d.google.com with SMTP id e134so4736191ite.3 for ; Sun, 01 Oct 2017 08:38:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=w4/6CrvJxxINu82j7dOTw3wqCq0wfzfrMXnsF+CoROA=; b=H5IoQ9Hz1b6mPAucwUbUPC6GePZ4nIkpXYZ2Pc1jtF0471g9Ioo5yuL739rNLOzWbd k31OKkFWmvdVw9KgfySMayAOhom+N7COxuU7jii40aXrVg7yaly/P4ZJNmXdKzKAHlXT U3QbRxrW2gqxSR18Q463KLH/n+EZTHLR3fBCxqITJhYlZsHVeM8eJHrNKJKOBWJ1E0qQ bAipQJL9RG1A9dECRESpfqK6/+yhiNiDlbOEWvy9CwH+cbLXGPDnbCSFCb2JsiOGecq4 9Re7wF7KDTprQ5Nj9GEaAAY+1mVprQzCpSMqXiicZ78V1gBTUyFxSbPsA/UrtFb683ja vXUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=w4/6CrvJxxINu82j7dOTw3wqCq0wfzfrMXnsF+CoROA=; b=jqx2uzoxUZZE2GfRPgF1PQPlzUJkgjGoYEBqDP7M+Nrt0U8ZsVYT12LJZHn/vdkV1H nP6rCTYxokufQXyNJUjkMfnv8UGs8IlGfGyeEWWF6WazpjTmxMH0XIA2moGf0FHcDehs D6Iiw1o5dU8PZ5ZZgLhbpW5HTjOUx6tYNNV/qfwzKxpfH/cCH1z/3F9LvSeQKG0B98zO npxK6KtxGZYrxlGE+5IxTR+e/EMi7+t1B/HLeSTWjZse9rbcg7prVFJi+JzcDT0TiAh6 lWXo4xPuwgfh+s3vg89KWEm9SjCJuzmPrfCH4on4zxa3xnx/4bCeWTNpFa4jBuVGDoib /55A== X-Gm-Message-State: AHPjjUh7ldS733JW3gNcYYGw1uSPflcYHNY4hHuSLAYm2EcxDLhsPTiI xp54atq7enRbjlG1rbsUIFYkI6YprPBaY+fKleg= X-Google-Smtp-Source: AOwi7QDlRhiycY9gh3TqUS9qWEtwJRaPtZQ2d3LzqrJOBVNjF54Q4rbDwzVRCx0+tzSxCBT3YdVYh5jCjRWl431d070= X-Received: by 10.36.101.213 with SMTP id u204mr16100389itb.151.1506872337541; Sun, 01 Oct 2017 08:38:57 -0700 (PDT) MIME-Version: 1.0 Received: by 10.2.145.141 with HTTP; Sun, 1 Oct 2017 08:38:57 -0700 (PDT) In-Reply-To: <59D10736.2070504@gmail.com> References: <59D10736.2070504@gmail.com> From: Adam Vande More Date: Sun, 1 Oct 2017 10:38:57 -0500 Message-ID: Subject: Re: help - under attack To: Ernie Luzar Cc: "freebsd-questions@freebsd.org" Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Oct 2017 15:38:58 -0000 On Sun, Oct 1, 2017 at 10:18 AM, Ernie Luzar wrote: > Hello list; > > Installed 11.1 from scratch and after about 2-3 weeks I finally got around > to inspecting the /var/logs. I have never seen the auth.log file roll over > before, so this peaked my interest. It was full of failed login attempts. > My firewall blocks all inbound traffic > It seems your firewall isn't doing to great a job, then there is the consideration of why you'd be running sshd. -- Adam