Date:      Sun, 14 Jan 2007 15:39:30 +0100
From:      Erik Norgaard <norgaard@locolomo.org>
To:        VeeJay <maanjee@gmail.com>
Cc:        FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject:   Re: Please Help! How to STOP them...
Message-ID:  <45AA40A2.2000906@locolomo.org>
In-Reply-To: <2cd0a0da0701121343g7fa2535fv4a7b201f5a03aff2@mail.gmail.com>
References:  <2cd0a0da0701121343g7fa2535fv4a7b201f5a03aff2@mail.gmail.com>

VeeJay wrote:
> I am reading many hundred lines similar to below mentioned?
> 
> Could you please advise me what to do and how can I make my box more secure?
> 
> Jan  9 17:54:42 localhost sshd[5130]: reverse mapping checking getaddrinfo
> for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed - POSSIBLE
> BREAK-IN ATTEMPT!
> Jan  9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from
> 218.189.179.83
> 

Please, this is possibly the most frequently asked question not in the 
FAQ. Understand that whenever you make a service available on the 
internet, someone is going to try to break in. Be it ssh, smtp, dns, 
http etc. What you need to learn is to identify which attacks constitute 
a real threat to your system.

The first log entry is no sign of a break-in attempt. Just because a DNS 
server is misconfigured doesn't mean that people are trying to attack you.

The second line is evidence that some illicit events are recorded. But, 
there is no reason to worry about these if you have properly configured 
your box. Please search the archives for ssh brute force - this topic 
has been discussed a zillion times.

Some mention port knocking. This doesn't make people stop trying to get 
into your box. It introduces an extra hassle to do so as you first have 
to knock on the port a secret (but shared secret) sequence. Then you 
will authenticate as previously.

If you are troubled with messages in your log, there are plenty of 
ordinary things you can do:

- enforce key authentication
- restrict access to certain users or groups of users
- deny direct access as root
- enforce strong passwords, if you can't enforce key authentication
- limit the ip address space that is allowed to connect, to the space
   where you or your users are likely to be
- limit the number of simultaneous unauthenticated connections

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
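
The following is an added example, not part of the original message: a Python audit that reports which items of the list above a given sshd_config does not set explicitly. The sample configs, user names and the 192.0.2.* range are constructed, and requiring explicit settings instead of relying on defaults is an assumption of this example; password strength and firewall rules cannot be seen from sshd_config and are not checked.

```python
# Added example: audit sshd_config text against the checklist in the message.

def parse_global(text):
    """Return {keyword: [args]} for the global section of an sshd_config.
    Keywords are case-insensitive and the first value seen wins, except
    AllowUsers/AllowGroups, which may be given more than once. Parsing
    stops at the first Match block (overrides are out of scope here)."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        if key in ("allowusers", "allowgroups"):
            opts.setdefault(key, []).extend(args)
        else:
            opts.setdefault(key, args)
    return opts

def audit(text):
    """Return the checklist items the config does not explicitly satisfy."""
    o = parse_global(text)
    first = lambda k: (o.get(k) or [""])[0].lower()
    findings = []
    # keyboard-interactive (PAM) can still accept passwords, so check it too
    kbd = first("kbdinteractiveauthentication") or first("challengeresponseauthentication")
    if first("passwordauthentication") != "no" or kbd != "no":
        findings.append("key-auth-not-enforced")
    if not (o.get("allowusers") or o.get("allowgroups")):
        findings.append("no-user-or-group-restriction")
    if first("permitrootlogin") != "no":
        findings.append("root-login-not-denied")
    if not any("@" in p for p in o.get("allowusers", [])):  # USER@HOST form
        findings.append("no-address-restriction-in-sshd")
    if "maxstartups" not in o:
        findings.append("maxstartups-not-set")
    return findings

# Constructed sample configs (not taken from any real host).
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers alice@192.0.2.* bob@192.0.2.*
MaxStartups 5:50:10
"""
```

Calling `audit()` on the text of a real sshd_config returns the list of unmet items; an empty list means every checked item is set explicitly in the global section.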
