Re: Hacker Scans - Advice requested
Eric Crist wrote:

> > -Original Message-
> > From: Mike Bruce [mailto:[EMAIL PROTECTED]
> > Sent: Sunday, August 08, 2004 7:32 AM
> > To: 'Eric Crist'
> > Subject: RE: Hacker Scans - Advice requested
> >
> > Many thanks Eric
> >
> > I've looked through the documentation and it is not entirely
> > clear how to do this, but at least I have a starting point.
> >
> > Mike
>
> Mike,
>
> If you check out the user manual on the FreeBSD website, you should find an entire section on setting up a firewall. From there, you just need to create a couple of rules to block/accept the ip blocks that you want. Pretty simple process.
>
> Start with the user documentation on the site, and we can help you from there.
>
> Eric F Crist
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Something like this:

    # Allow in SFTP, SSH, and SCP from Internet
    ${fwcmd} add 090 pass log tcp from 123.123.123.123/xx to ${ip} 22 setup limit src-addr 4

--
Best regards,
Chris
Re: Hacker Scans - Advice requested
>
> Is there any way that this can be prevented without impairing the
> services provided by the operating system.
>

They check passwords from a dictionary etc.

My advice (I did the same, while I've got scans for "guest" and "test"): make such an account with a very simple one-word password, home /nonexistent, and a shell script as shell saying "smile, hidden camera is watching you".
RE: Hacker Scans - Advice requested
> -Original Message-
> From: Mike Bruce [mailto:[EMAIL PROTECTED]
> Sent: Sunday, August 08, 2004 7:32 AM
> To: 'Eric Crist'
> Subject: RE: Hacker Scans - Advice requested
>
>
> Many thanks Eric
>
> I've looked through the documentation and it is not entirely
> clear how to do this, but at least I have a starting point.
>
> Mike

Mike,

If you check out the user manual on the FreeBSD website, you should find an entire section on setting up a firewall. From there, you just need to create a couple of rules to block/accept the ip blocks that you want. Pretty simple process.

Start with the user documentation on the site, and we can help you from there.

Eric F Crist
Re: Hacker Scans - Advice requested
On 2004-08-08 06:16:19 +0100, Mike Bruce wrote:
> Please can you help me?
>
> I am getting increasingly plagued by this message in my security log on
> my V4 installations of FreeBSD
>
> 06:48:53 mail sshd[18617]: Failed password for illegal user admin from
> 210.3.4.71 port 39741 ssh2 Aug 7

You're far from alone. Eg. see:
http://www.securityfocus.com/archive/75/371086/2004-08-05/2004-08-11/1

> Is there any way that this can be prevented without impairing the
> services provided by the operating system.

I only allow publickey/skey logins, so I felt pretty safe, but got tired of looking at the logs, so I moved the sshd to a random high port.

Then you can append something like this to ~/.ssh/config:

    Host short
        Hostname short.verylongdomainname-or-impossibletorememberIP.tld
        Port 43462
        User your-mom

Now you can just do 'ssh short' and it'll use the right port number and username and dnsname (it could be an IP address too).

Or, as another poster said, just firewall it away, or even use a combination.

Have a nice day
Morten

--
http://m.mongers.org/ -- http://gallery.zentience.org/
__END__
RE: Hacker Scans - Advice requested
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mike Bruce
> Sent: Sunday, August 08, 2004 12:16 AM
> To: [EMAIL PROTECTED]
> Subject: Hacker Scans - Advice requested
>
>
> Please can you help me?
>
> I am getting increasingly plagued by this message in my
> security log on my V4 installations of FreeBSD
>
> 06:48:53 mail sshd[18617]: Failed password for illegal user
> admin from 210.3.4.71 port 39741 ssh2 Aug 7
>
> Is there any way that this can be prevented without impairing
> the services provided by the operating system.
>
> Many thanks
>
> Mike Bruce

Very simple solution: create a rule to allow only traffic from known subnets. This will completely deny requests from IP addresses you're not sure of.

HTH

Eric F Crist
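
Added example, not code from any poster in this thread: before writing an allow-only-known-subnets rule as suggested above, this Python script tallies the sshd password failures per source and lists the sources such a rule would keep away from sshd. The subnet 192.0.2.0/24, the function names, and every log line except the first are constructed for illustration.

```python
import ipaddress
import re

# OpenSSH failure line; unknown accounts are logged as "illegal user" or "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumption: the subnets you really log in from (documentation range).
KNOWN_SUBNETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log; only the first entry is quoted from the thread.
SAMPLE_LOG = """\
Aug  7 06:48:53 mail sshd[18617]: Failed password for illegal user admin from 210.3.4.71 port 39741 ssh2
Aug  7 06:48:55 mail sshd[18619]: Failed password for illegal user guest from 210.3.4.71 port 39790 ssh2
Aug  7 06:48:58 mail sshd[18621]: Failed password for illegal user test from 210.3.4.71 port 39822 ssh2
Aug  7 07:02:11 mail sshd[18702]: Failed password for mike from 192.0.2.14 port 51022 ssh2
Aug  7 07:02:19 mail sshd[18702]: Accepted password for mike from 192.0.2.14 port 51022 ssh2
Aug  7 09:30:40 mail sshd[19011]: Failed password for root from 203.0.113.9 port 40100 ssh2
"""

def is_known(ip, known=KNOWN_SUBNETS):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # not a literal address: treat as unknown
        return False
    return any(addr in net for net in known)

def summarize(log_text, known=KNOWN_SUBNETS):
    """Map source -> {"failures": int, "users": set, "known": bool}."""
    report = {}
    for m in FAILED.finditer(log_text):
        entry = report.setdefault(
            m["ip"], {"failures": 0, "users": set(), "known": is_known(m["ip"], known)}
        )
        entry["failures"] += 1
        entry["users"].add(m["user"])
    return report

def outside_allowlist(report):
    """Sources an allow-only-known-subnets firewall rule would never let reach sshd."""
    return sorted(ip for ip, e in report.items() if not e["known"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip in outside_allowlist(report):
        print(ip, report[ip]["failures"], sorted(report[ip]["users"]))
```

Failures that come from inside a known subnet stay in the report with "known" set to True, so a mistyped password from your own network is not confused with a scan.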