Re: Repeated attacks via SSH
From: Garrett Wollman (wollman_at_csail.mit.edu)
Date: 10/03/05
- Previous message: David Gilbert: "Repeated attacks via SSH"
- In reply to: Clemens Renner: "Re: Repeated attacks via SSH"
- Next in thread: Matthew Dillon: "Re: Repeated attacks via SSH"
- Reply: Matthew Dillon: "Re: Repeated attacks via SSH"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 3 Oct 2005 12:48:21 -0400 To: Clemens Renner <claim@rinux.net>
<<On Mon, 03 Oct 2005 13:00:33 +0200, Clemens Renner <claim@rinux.net> said:
> Failed password for illegal user qscand from 217.20.119.212 port 50657 ssh2
I modified my version of /etc/periodic/security/800.loginfail to
filter out all the "illegal user" messages from sshd; otherwise I
would be getting about 24,000 lines of crap a night in my security
report (3,000 attempts per host times eight hosts). Since all of the
machines I care about have very limited access, I don't lose anything
by not overwhelming my security mail with unimportant failures.
I also aggressively use AllowUsers/AllowGroups in sshd_config to limit
exposure even more. (That way, I don't have to see all the failures
for "www" and "pgsql" as well.)
-GAWollman
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: David Gilbert: "Repeated attacks via SSH"
- In reply to: Clemens Renner: "Re: Repeated attacks via SSH"
- Next in thread: Matthew Dillon: "Re: Repeated attacks via SSH"
- Reply: Matthew Dillon: "Re: Repeated attacks via SSH"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
