On Friday January 12, 2007 at 04:54:37 (PM) Reko Turja wrote:
> >I am reading many hundred lines similar to below mentioned? > > > > Could you please advise me what to do and how can I make my box more > > secure? > > > > Jan 9 17:54:42 localhost sshd: reverse mapping checking > > getaddrinfo > > for bbs-83-179.189.218.on-nets.com [18.104.22.168] failed - > > POSSIBLE > > BREAK-IN ATTEMPT! > > Jan 9 17:54:42 localhost sshd: Invalid user sysadmin from > > 22.214.171.124 > > It's basically just script kiddies trying to get in using some ready > made user/password pairs. > > Lots of info covering this has been posted in these newsgroups > previously, but some things you might consider > > Moving your sshd port somewhere else than 22 - the prepackaged > "cracking" programs don't scan ports, just blindly try out the default > port - with determined/skilled attacker it's different matter entirely > though. Security through Obscurity is not true security at all. You are simply assuming that other ports are not being scanned. > > Use some kind of portblocker (lots in ports tree) which closes the > port after predetermined number of attempts - or as an alternative, > use PF to close the port for IP's in question after predetermined > number of connection attempts in given time. > > Use key based authentication and stop using passwords altogether. A very secure method. I would recommend this along with making sure your firewall is properly configured and all unnecessary ports closed, etc. > > Remember to keep ssh1 disabled as well as direct root access into ssh > from the ssh config file. -- Gerard For GOOGLE (L)Users: "RAM Disk" is not an installation procedure. _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"