Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 8 Aug 2004 10:52:36 +0200
From:      Morten Liebach <m@mongers.org>
To:        FreeBSD Questions <questions@freebsd.org>
Subject:   Re: Hacker Scans - Advice requested
Message-ID:  <20040808085258.GB2352@mongers.org>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAhdeYsBRyHkSJ5HKC20bRU8KAAAAQAAAAsedKuxZVrEumlOCT326K9AEAAAAA@orion.org.uk>
References:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAhdeYsBRyHkSJ5HKC20bRU8KAAAAQAAAAsedKuxZVrEumlOCT326K9AEAAAAA@orion.org.uk>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 2004-08-08 06:16:19 +0100, Mike Bruce wrote:
> Please can you help me?
>  
> I am getting increasingly plagued by this message in my security log on
> my V4 installations of FreeBSD
>  
> 06:48:53 mail sshd[18617]: Failed password for illegal user admin from
> 210.3.4.71 port 39741 ssh2 Aug  7

You're far from alone.  Eg. see:
http://www.securityfocus.com/archive/75/371086/2004-08-05/2004-08-11/1

> Is there any way that this can be prevented without impairing the
> services provided by the operating system.

I only allow publickey/skey logins, so I felt pretty safe, but got tired
of looking at the logs, so I moved the sshd to a random high port.  Then
you can append something like this to ~/.ssh/config:

Host short
Hostname short.verylongdomainname-or-impossibletorememberIP.tld
Port 43462
User your-mom

Now you can just do 'ssh short' and it'll use the right portnumber and
username and dnsname (it could bbe an IP address too).

Or, as another poster said, just firewall it away, or even use a
combination.

Have a nice day
                                 Morten

-- 
http://m.mongers.org/ -- http://gallery.zentience.org/
__END__



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20040808085258.GB2352>