Repeated attacks via SSH

Garrett Wollman wollman at csail.mit.edu
Mon Oct 3 09:48:30 PDT 2005


<<On Mon, 03 Oct 2005 13:00:33 +0200, Clemens Renner <claim at rinux.net> said:

> Failed password for illegal user qscand from 217.20.119.212 port 50657 ssh2

I modified my version of /etc/periodic/security/800.loginfail to
filter out all the "illegal user" messages from sshd; otherwise I
would be getting about 24,000 lines of crap a night in my security
report (3,000 attempts per host times eight hosts).  Since all of the
machines I care about have very limited access, I don't lose anything
by not overwhelming my security mail with unimportant failures.

I also aggressively use AllowUsers/AllowGroups in sshd_config to limit
exposure even more.  (That way, I don't have to see all the failures
for "www" and "pgsql" as well.)

-GAWollman
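
The filtering described in the message above, sketched as an added example (not part of the original post and not the stock FreeBSD periodic script). It goes slightly further than the post by collapsing the dropped "illegal user" lines into a per-source count instead of discarding them. The function names and all sample log lines are constructed for illustration, and matching "invalid user" as well is an assumption to cover the wording used by later OpenSSH releases.

```shell
#!/bin/sh
# Added example: a stand-alone filter, not /etc/periodic/security/800.loginfail itself.
# Constructed sample log; only the first message text is taken from the thread.
sample_log() {
cat <<'EOF'
Oct  3 03:12:01 host1 sshd[4101]: Failed password for illegal user qscand from 217.20.119.212 port 50657 ssh2
Oct  3 03:12:04 host1 sshd[4103]: Failed password for illegal user test from 217.20.119.212 port 50661 ssh2
Oct  3 03:12:09 host1 sshd[4107]: Failed password for illegal user admin from 192.0.2.44 port 40112 ssh2
Oct  3 03:15:30 host1 sshd[4120]: Failed password for root from 192.0.2.44 port 40150 ssh2
Oct  3 07:02:11 host1 sshd[4388]: Failed password for wollman from 198.51.100.7 port 51515 ssh2
Oct  3 07:02:20 host1 sshd[4388]: Accepted password for wollman from 198.51.100.7 port 51515 ssh2
EOF
}

# Failures against accounts that exist: keep these lines verbatim in the report.
real_failures() {
    grep -E 'sshd\[[0-9]+\]: Failed [^ ]+ for ' |
        grep -Ev ' for (illegal|invalid) user '
}

# Failures against nonexistent accounts: reduce to "count source" per address.
illegal_summary() {
    grep -E 'sshd\[[0-9]+\]: Failed [^ ]+ for (illegal|invalid) user ' |
        sed -E 's/.* from ([^ ]+) port .*/\1/' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Read the log once from stdin, then emit both sections.
report() {
    log=$(cat)
    echo "login failures (existing accounts):"
    printf '%s\n' "$log" | real_failures
    echo "illegal-user attempts by source:"
    printf '%s\n' "$log" | illegal_summary
}

sample_log | report
```
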
