Date: Sun, 8 Aug 2004 10:52:36 +0200
From: Morten Liebach
To: FreeBSD Questions
Message-ID: <20040808085258.GB2352@mongers.org>
Subject: Re: Hacker Scans - Advice requested

On 2004-08-08 06:16:19 +0100, Mike Bruce wrote:
> Please can you help me?
>
> I am getting increasingly plagued by this message in my security log on
> my V4 installations of FreeBSD
>
> 06:48:53 mail sshd[18617]: Failed password for illegal user admin from
> 210.3.4.71 port 39741 ssh2 Aug 7

You're far from alone. E.g. see:

http://www.securityfocus.com/archive/75/371086/2004-08-05/2004-08-11/1

> Is there any way that this can be prevented without impairing the
> services provided by the operating system.

I only allow publickey/skey logins, so I felt pretty safe, but got tired
of looking at the logs, so I moved the sshd to a random high port.

Then you can append something like this to ~/.ssh/config:

  Host short
    Hostname short.verylongdomainname-or-impossibletorememberIP.tld
    Port 43462
    User your-mom

Now you can just do 'ssh short' and it'll use the right port number and
username and DNS name (it could be an IP address too).

Or, as another poster said, just firewall it away, or even use a
combination.

Have a nice day
                                 Morten

--
http://m.mongers.org/ -- http://gallery.zentience.org/
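
Added example, not part of the original message or of anything the posters ran: a small Python triage script that groups sshd "Failed password" lines like the one quoted in the thread by source address, so the scan noise can be reviewed per source or fed to a firewall rule. The sample log is constructed (modelled on the quoted line, with documentation-range addresses and a hypothetical user alice), and the function names and threshold are assumptions.

```python
import re
from collections import defaultdict

# Older sshd writes "illegal user"; later OpenSSH releases write "invalid user".
# The pattern is anchored at the end of the line and the user field is greedy,
# so a username that itself contains " from <addr> port <n>" cannot shift the
# address field: the last "from ... port ..." on the line is the real peer.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for "
    r"(?P<unknown>(?:illegal|invalid) user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port (?P<port>\d+)(?: ssh\d*)?\s*$"
)

def summarize(lines):
    """Return {source_ip: {"attempts": n, "unknown": n, "users": set}}."""
    stats = defaultdict(lambda: {"attempts": 0, "unknown": 0, "users": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated daemons are ignored
        entry = stats[m.group("ip")]
        entry["attempts"] += 1
        entry["users"].add(m.group("user"))
        if m.group("unknown"):
            entry["unknown"] += 1  # login name does not exist on this host
    return dict(stats)

def scanners(stats, min_attempts=3):
    """Sources with at least min_attempts failures, busiest first."""
    hits = [(ip, s) for ip, s in stats.items() if s["attempts"] >= min_attempts]
    return sorted(hits, key=lambda item: item[1]["attempts"], reverse=True)

# Constructed sample; the last line carries a username crafted to look like
# a second "from ... port ..." clause.
SAMPLE = """\
Aug  7 06:48:53 mail sshd[18617]: Failed password for illegal user admin from 210.3.4.71 port 39741 ssh2
Aug  7 06:48:55 mail sshd[18619]: Failed password for illegal user test from 210.3.4.71 port 39802 ssh2
Aug  7 06:48:58 mail sshd[18621]: Failed password for root from 210.3.4.71 port 39866 ssh2
Aug  7 07:02:11 mail sshd[18702]: Failed password for illegal user guest from 192.0.2.44 port 51022 ssh2
Aug  7 07:05:40 mail sshd[18710]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
Aug  7 07:09:13 mail sshd[18733]: Failed password for illegal user a from 192.0.2.1 port 1 ssh2 from 198.51.100.9 port 40500 ssh2
"""

if __name__ == "__main__":
    for ip, s in scanners(summarize(SAMPLE.splitlines())):
        print(f"{ip}: {s['attempts']} failures, {s['unknown']} for unknown users")
```
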