Subject: Re: Possible break-in attempt?
From: Patrick Proniewski
Date: Wed, 18 Jul 2018 22:13:22 +0200
To: Grzegorz Junka
Cc: freebsd-security@freebsd.org

Hi,

You can ignore them totally (you should), and if you can't, make sure you limit the possibility of brute-force attacks on your sshd:

- configure a firewall to stop them
- and/or activate blacklistd on sshd
- and/or change the listening port of sshd

I get thousands of these every day; they won't kill you and are not worth losing your time over.

> On 18 Jul 2018, at 22:07, Grzegorz Junka wrote:
>
> Sometimes I am receiving messages like this from my server:
>
> nas.myserver.mydomain.com login failures:
> Jul 17 08:35:02 nas sshd[5994]: reverse mapping checking getaddrinfo for 162.132-254-62.static.virginmediabusiness.co.uk [62.254.132.162] failed - POSSIBLE BREAK-IN ATTEMPT!
>
> On different days they are from different IPs and they would be mapped to different reverse DNS names. How to deal with those messages/attempts?
>
> GrzegorzJ
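
A triage sketch for the log lines discussed in this thread, added here as an example and not part of either poster's message: it tallies reverse-mapping warnings and failed logins per source address, so addresses worth a firewall rule stand apart from one-off noise. The sample log is constructed (only its first line is the one quoted above), and the "Failed password" / "Invalid user" line shapes and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input; only the first line is the one quoted in the thread.
SAMPLE_LOG = """\
Jul 17 08:35:02 nas sshd[5994]: reverse mapping checking getaddrinfo for 162.132-254-62.static.virginmediabusiness.co.uk [62.254.132.162] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 17 08:35:09 nas sshd[5994]: Failed password for root from 62.254.132.162 port 51234 ssh2
Jul 17 09:01:44 nas sshd[6021]: reverse mapping checking getaddrinfo for host.example.net [198.51.100.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 17 09:01:50 nas sshd[6021]: Invalid user admin from 198.51.100.7
Jul 17 09:02:03 nas sshd[6030]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jul 17 10:15:00 nas sshd[6100]: Accepted publickey for greg from 192.0.2.10 port 50000 ssh2
"""

IP = r"([0-9A-Fa-f:.]+)"
# The warning quoted in the thread: PTR name, then the connecting address in brackets.
REVMAP = re.compile(
    r"sshd\[\d+\]: reverse mapping checking getaddrinfo for (\S+) \[" + IP + r"\] failed")
# Failed authentication lines (assumed formats, see lead-in).
FAILURE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+|Invalid user \S+) from " + IP)


def summarize(log_text):
    """Per source address: reverse-mapping warnings, failed logins, PTR names seen."""
    stats = defaultdict(lambda: {"revmap": 0, "failures": 0, "ptr_names": set()})
    for line in log_text.splitlines():
        m = REVMAP.search(line)
        if m:
            stats[m.group(2)]["revmap"] += 1
            stats[m.group(2)]["ptr_names"].add(m.group(1))
            continue
        m = FAILURE.search(line)
        if m:
            stats[m.group(1)]["failures"] += 1
    return dict(stats)


def block_candidates(stats, min_failures):
    """Addresses with at least min_failures failed logins, sorted for stable output."""
    return sorted(ip for ip, s in stats.items() if s["failures"] >= min_failures)


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, s in sorted(stats.items()):
        print(ip, s["revmap"], s["failures"], ",".join(sorted(s["ptr_names"])) or "-")
    print("block candidates:", block_candidates(stats, 2))
```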