--On August 19, 2011 11:01:21 AM -0400 Mark Moellering <m...@msen.com>
wrote:
I keep seeing a flood of messages when I run dmesg -a that look like this:
mail sshd[1831]: warning: /etc/hosts.allow, line 2: can't verify
hostname: getaddrinfo(ip223.hichina.com, AF_INET) failed
Is there anything I should be doing to make sure the server isn't
compromised? It is a mail server running postfix / dovecot
I have pf set up and am also running a program called sshguard.
I am kind of at a loss. It looks like I am under attack but I don't know
what to do about it. Any help is greatly appreciated
Thanks in advance
As others have pointed out, this is routine probing by internet jerks. You
have several choices. You can restrict access to ssh to specific IPs or
netblocks. You can ignore it and chalk it up to being on the internet.
Or, if the people that have access to your server are sophisticated enough
that's it's not too much hassle explaining it, you can run ssh on some
other port.
I chose options 1 & 2 for a server I maintain. I'd prefer option 3, but I
don't want to have to explain it to the owners. They're not very tech
savvy.
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
