From owner-freebsd-questions@FreeBSD.ORG  Wed Aug 24 16:00:24 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2CC1516A41F
	for <freebsd-questions@freebsd.org>;
	Wed, 24 Aug 2005 16:00:24 +0000 (GMT)
	(envelope-from apircalabu@bitdefender.com)
Received: from mail.bitdefender.com (ns.bitdefender.com [217.156.83.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C6BD543D48
	for <freebsd-questions@freebsd.org>;
	Wed, 24 Aug 2005 16:00:22 +0000 (GMT)
	(envelope-from apircalabu@bitdefender.com)
Received: (qmail 32714 invoked by uid 1010); 24 Aug 2005 18:50:55 +0300
Received: from apircalabu.dsd.ro (10.10.15.22)
	by mail.bitdefender.com with AES256-SHA encrypted SMTP;
	24 Aug 2005 18:50:55 +0300
Date: Wed, 24 Aug 2005 19:02:34 +0300
From: Adi Pircalabu <apircalabu@bitdefender.com>
To: ro ro <ricking505@yahoo.com>
Message-ID: <20050824190234.71424709@apircalabu.dsd.ro>
In-Reply-To: <20050824042234.12260.qmail@web34103.mail.mud.yahoo.com>
References: <20050824042234.12260.qmail@web34103.mail.mud.yahoo.com>
Organization: BitDefender
X-Mailer: Sylpheed-Claws 1.9.13 (GTK+ 2.6.9; i386-portbld-freebsd5.4)
X-BitDefender-Scanner: Clean, Agent: BitDefender Qmail 1.6.2 on
	mail.bitdefender.com
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BitDefender-SpamStamp: 1.1.4  049000040111AAAAAAE
X-BitDefender-Spam: No (0)
Cc: freebsd-questions@freebsd.org
Subject: Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Aug 2005 16:00:24 -0000

On Tue, 23 Aug 2005 21:22:34 -0700 (PDT)
ro ro <ricking505@yahoo.com> wrote:

> I took the issue of creating a good firewall quite
> lightly and now I regret that decision.. now I have
> learnt... Can someone provide me with guidance on this
> issue and advise me on next steps to take action
> against such losers. 
[...]
> Aug 23 08:19:03 free sshd[22519]: Illegal user lp from
> 210.0.142.153

You could restrict access to sshd on your system to trusted IPs only
using /etc/hosts.allow. It's very effective and simple for your
specific situation.
man 5 hosts_access is a good start.

-- 
Adi Pircalabu (PGP Key ID 0x04329F5E)