--On August 19, 2011 11:01:21 AM -0400 Mark Moellering <m...@msen.com> wrote:

I keep seeing a flood of messages when I run dmesg -a that look like this:

mail sshd[1831]: warning: /etc/hosts.allow, line 2: can't verify
hostname: getaddrinfo(ip223.hichina.com, AF_INET) failed

Is there anything I should be doing to make sure the server isn't
compromised?  It is a mail server running postfix / dovecot.
I have pf set up and am also running a program called sshguard.
I am kind of at a loss.  It looks like I am under attack but I don't know
what to do about it.  Any help is greatly appreciated.

Thanks in advance

As others have pointed out, this is routine probing by internet jerks. You have several choices. You can restrict access to ssh to specific IPs or netblocks. You can ignore it and chalk it up to being on the internet. Or, if the people that have access to your server are sophisticated enough that it's not too much hassle explaining it, you can run ssh on some other port.

I chose options 1 & 2 for a server I maintain. I'd prefer option 3, but I don't want to have to explain it to the owners. They're not very tech savvy.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
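
A way to size up the flood quoted in the question, added here as an example and not part of the original thread: it tallies the sshd warnings by the hostname that failed the forward lookup and by the hosts.allow line named in each warning. The function names are assumptions, and every sample line except the first (the one from the post) is constructed.

```python
import re
from collections import Counter

# The libwrap warning quoted in the post. \s+ tolerates the line wrap
# between "verify" and "hostname" seen in the pasted dmesg output.
WARNING = re.compile(
    r"sshd\[(?P<pid>\d+)\]: warning: (?P<file>\S+), line (?P<line>\d+): "
    r"can't verify\s+hostname: "
    r"getaddrinfo\((?P<host>[^,\s]+), (?P<family>\w+)\) failed"
)

def unverified_hosts(log_text):
    """Count warnings per hostname whose forward lookup failed."""
    return Counter(m["host"].lower() for m in WARNING.finditer(log_text))

def by_parent_domain(hosts, labels=2):
    """Roll counts up to the last `labels` DNS labels (a rough grouping,
    not a public-suffix lookup)."""
    rolled = Counter()
    for host, count in hosts.items():
        rolled[".".join(host.split(".")[-labels:])] += count
    return rolled

def triggering_rules(log_text):
    """Count warnings per (file, line) named in the warning text."""
    return Counter((m["file"], int(m["line"]))
                   for m in WARNING.finditer(log_text))

# Constructed sample: the first entry is the wrapped line from the post,
# the remaining lines are invented for illustration.
SAMPLE = """\
mail sshd[1831]: warning: /etc/hosts.allow, line 2: can't verify
hostname: getaddrinfo(ip223.hichina.com, AF_INET) failed
mail sshd[1840]: warning: /etc/hosts.allow, line 2: can't verify hostname: getaddrinfo(ip223.hichina.com, AF_INET) failed
mail sshd[1852]: warning: /etc/hosts.allow, line 2: can't verify hostname: getaddrinfo(host7.example.net, AF_INET) failed
mail sshd[1853]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
"""

if __name__ == "__main__":
    hosts = unverified_hosts(SAMPLE)
    for domain, count in by_parent_domain(hosts).most_common():
        print(f"{count:4d}  {domain}")
    for (path, line), count in triggering_rules(SAMPLE).items():
        print(f"{count:4d}  {path} line {line}")
```

Feeding it the saved output of `dmesg -a` shows whether the noise comes from a handful of sources and which hosts.allow line each warning names.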
