Date: Fri, 22 Dec 2006 22:53:11 -0800
From: security <security@jim-liesl.org>
To: freebsd-stable@FreeBSD.ORG, gmenhennitt@optusnet.com.au
Subject: Re: Block IP
Message-ID: <458CD257.7060603@jim-liesl.org>
In-Reply-To: <200612220806.kBM86HgT035285@lurza.secnetix.de>
References: <200612220806.kBM86HgT035285@lurza.secnetix.de>
Oliver Fromme wrote:
> Graham Menhennitt wrote:
> > Christopher Hilton wrote:
> > > If it's at all possible switch to using public keys for authentication
> > > with ssh and disallow password authentication. This completely stops
> > > the brute forcing attacks from filling up your periodic security mail.
> > Are you sure about that? I only allow PublickeyAuthentication ssh2
> > connections but I get lots of security mail messages like:
> >
> > Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
> > Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
>
> Those are caused by different things. They're not caused
> by wrong passwords, but by an illegal user name (first line)
> or by non-matching reverse DNS (second line). These things
> are checked even before any user keys are exchanged, so the
> authentication method doesn't matter.
>
> They can be safely ignored, because you're immune to
> brute-force attacks. If you don't want to see them, a simple
> "egrep -v ..." in /etc/periodic/security/800.loginfail will
> do.
>
> Best regards
> Oliver
>

I can't remember, but has anyone mentioned "blocksshd"? It's in ports/security. I still prefer locking down to public key only, but blocksshd is nice.
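
The filtering idea discussed in the thread, as an added example that is not part of the original messages and is not the contents of 800.loginfail: a standalone filter that drops only the two pre-authentication messages quoted above and still counts the probes per source. The sample log, the function names and every log line after the first two are constructed for illustration.

```shell
#!/bin/sh
# Added example: standalone filter, not the contents of 800.loginfail.

# Constructed sample log. The first two lines are the ones quoted in the
# thread; the rest are constructed (documentation-range addresses).
sample_log() {
cat <<'EOF'
Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7
Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Nov 16 01:45:02 maxwell sshd[70071]: Invalid user admin from 202.54.49.7
Nov 16 02:10:31 maxwell sshd[70102]: Failed password for root from 192.0.2.15 port 40112 ssh2
Nov 16 02:11:00 maxwell sshd[70110]: Accepted publickey for alice from 198.51.100.4 port 51515 ssh2
EOF
}

# The two pre-authentication messages discussed in the thread, anchored on
# the sshd[pid] prefix so unrelated lines are never matched.
NOISE='sshd\[[0-9]+\]: (Invalid user .* from |reverse mapping checking getaddrinfo for .* failed - POSSIBLE BREAKIN ATTEMPT!)'

# Drop only the pre-auth messages; every other line passes through, so a
# "Failed password" entry is still reported. grep -E is the POSIX spelling
# of egrep.
filter_noise() {
    grep -E -v "$NOISE"
}

# Count the suppressed "Invalid user" probes per source address. The
# address is the field after the last "from", which also copes with log
# formats that append "port N".
count_invalid_by_ip() {
    awk '/sshd\[[0-9]+\]: Invalid user / {
             ip = ""
             for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
             if (ip != "") n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

echo "== lines still reported =="
sample_log | filter_noise
echo "== invalid-user probes per source =="
sample_log | count_invalid_by_ip
```
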