Please Help! How to STOP them...
Garrett Cooper
youshi10 at u.washington.edu
Fri Jan 12 22:39:05 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
VeeJay wrote:
> Thanks Reko....
>
> Just couple of more questions...
>
>
> On 1/12/07, Reko Turja <reko.turja at liukuma.net> wrote:
>>
>> From: "VeeJay" <maanjee at gmail.com>
>> To: <maanjee at gmail.com>; "FreeBSD-Questions"
>> <freebsd-questions at freebsd.org>
>> Sent: Friday, January 12, 2007 11:43 PM
>> Subject: Please Help! How to STOP them...
>>
>>
>> >I am reading many hundred lines similar to below mentioned?
>> >
>> > Could you please advise me what to do and how can I make my box more
>> > secure?
>> >
>> > Jan 9 17:54:42 localhost sshd[5130]: reverse mapping checking
>> > getaddrinfo
>> > for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed -
>> > POSSIBLE
>> > BREAK-IN ATTEMPT!
>> > Jan 9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from
>> > 218.189.179.83
>>
>> It's basically just script kiddies trying to get in using some ready
>> made user/password pairs.
>>
>> Lots of info covering this has been posted in these newsgroups
>> previously, but some things you might consider
>>
>> Moving your sshd port somewhere else than 22 - the prepackaged
>> "cracking" programs don't scan ports, just blindly try out the default
>> port - with determined/skilled attacker it's different matter entirely
>> though.
>
>
> How to change the port from 22 to something other and in what range
> should I
> choose a number?
>
>
> Use some kind of portblocker (lots in ports tree) which closes the
>> port after predetermined number of attempts - or as an alternative,
>> use PF to close the port for IP's in question after predetermined
>> number of connection attempts in given time.
>
>
> Can you suggest such port which I should install to block these attempts?
>
> Use key based authentication and stop using passwords altogether.
>
>
> What do you mean here?
>
> Remember to keep ssh1 disabled as well as direct root access into ssh
>> from the ssh config file.
>
>
> How to disable SSH1 and How to stop direct root access into ssh, where to
> change?
>
> -Reko
Read man sshd_config.
- -Garrett
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFqA4GEnKyINQw/HARAvRYAJ9f84lZRiAGAU66CtsvaSaKjvgHBwCfYnHY
kQ04KF5kowf+AdX6SGF2Uic=
=S546
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list