Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 8 Aug 2004 00:17:28 -0500
From:      "Eric Crist" <ecrist@secure-computing.net>
To:        "'Mike Bruce'" <mgb@orion.org.uk>, <questions@freebsd.org>
Subject:   RE: Hacker Scans - Advice requested
Message-ID:  <000701c47d07$01e674e0$6401a8c0@Nomad>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAhdeYsBRyHkSJ5HKC20bRU8KAAAAQAAAAsedKuxZVrEumlOCT326K9AEAAAAA@orion.org.uk>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Mike Bruce
> Sent: Sunday, August 08, 2004 12:16 AM
> To: questions@freebsd.org
> Subject: Hacker Scans - Advice requested
>
>
> Please can you help me?
>
> I am getting increasingly plagued by this message in my
> security log on my V4 installations of FreeBSD
>
> 06:48:53 mail sshd[18617]: Failed password for illegal user
> admin from 210.3.4.71 port 39741 ssh2 Aug  7
>
> Is there any way that this can be prevented without impairing
> the services provided by the operating system.
>
> Many thanks
>
> Mike Bruce

Very simple solution: create a rule to allow only traffic from known
subnets.  This will completely deny requests from IP addresses you're
not sure of.

HTH

Eric F Crist




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?000701c47d07$01e674e0$6401a8c0>