From: "M. Goodell"
To: FreeBSD Questions
Date: Tue, 9 May 2006 07:54:03 -0700 (PDT)
Message-ID: <20060509145403.71699.qmail@web32413.mail.mud.yahoo.com>
Subject: System Intrusion Detection

More and more each day I am seeing my root emails contain hundreds of entries like this:

May 8 02:23:35 warpstone sshd[26092]: Failed password for root from 222.185.245.208 port 50519 ssh2
May 8 16:37:41 warpstone ftpd[34713]: FTP LOGIN FAILED FROM 211.44.250.152, Administrator

Basically, people are attempting to hack into my server, often with a few thousand attempts each day.

What measures can I take to stop these attempts? Is there a way I can detect these attacks and automatically cut them off? Are any of the security ports effective against this?

Thank you!

M Goodell
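
The detection half of the question above, as an added example that is not part of the original post: a Python script that parses the two failure formats quoted in the message and reports sources that reach a threshold of failed logins inside a sliding time window. The threshold, window length, assumed year, function names and sample log lines are all assumptions constructed for illustration; input is expected in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

STAMP = re.compile(r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s")
# The two failure formats quoted in the post; sshd also logs "invalid user NAME".
SSHD = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
FTPD = re.compile(r"ftpd\[\d+\]: FTP LOGIN FAILED FROM (?P<src>[^,\s]+), (?P<user>\S+)")

def parse_line(line, year=2006):
    """Return (time, service, source, user), or None for any other line."""
    stamp = STAMP.match(line)
    if not stamp:
        return None
    # Syslog stamps carry no year, so the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {' '.join(stamp.groups())}", "%Y %b %d %H:%M:%S")
    for service, pattern in (("sshd", SSHD), ("ftpd", FTPD)):
        m = pattern.search(line)
        if m:
            return ts, service, m["src"], m["user"]
    return None

def flag_sources(lines, threshold=5, window=timedelta(minutes=10), year=2006):
    """Map each source that reaches `threshold` failures within `window`
    to its peak count. Lines must be in chronological order."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        event = parse_line(line, year)
        if event is None:
            continue
        ts, _, source, _ = event
        seen = recent[source]
        seen.append(ts)
        while ts - seen[0] > window:   # drop failures older than the window
            seen.popleft()
        if len(seen) >= threshold:
            flagged[source] = max(flagged.get(source, 0), len(seen))
    return flagged

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE = [f"May  8 02:23:{s:02d} host sshd[100]: Failed password for root from 192.0.2.10 port 50519 ssh2"
          for s in range(0, 60, 10)]
SAMPLE += [f"May  8 {h:02d}:00:00 host sshd[101]: Failed password for invalid user test from 203.0.113.5 port 4000 ssh2"
           for h in range(3, 8)]
SAMPLE += ["May  8 16:37:41 host ftpd[200]: FTP LOGIN FAILED FROM 198.51.100.7, Administrator",
           "May  8 16:40:00 host sshd[102]: Accepted password for admin from 198.51.100.7 port 4001 ssh2"]

if __name__ == "__main__":
    for source, count in flag_sources(SAMPLE).items():
        print(f"{source}: {count} failed logins inside the window")
```

The burst of six failures in under a minute is reported, while the source that fails once an hour and the single FTP failure stay below the threshold; the flagged addresses are what an administrator would then feed to a firewall rule or block list.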