Thank you Patrick. I don't receive that many of them. Maybe a dozen or
so since I've set up my server, which was a few years ago. Mostly with
the same IP but sometimes different IP as well. And all those I've
received so far were in the last few months.
They surprise me because on the firewall the sshd is forwarded from a
non-standard port (i.e. port 22 isn't open).
I am interested in what security precaution FreeBSD is trying to do here.
Is the sshd server receiving an ssh login request from an IP, that can't
be resolved back to a domain in the reverse DNS (PTR) record for that IP?
On 18/07/2018 20:13, Patrick Proniewski wrote:
> Hi,
>
> You can ignore them totally (you should), and if you can't, make sure
> you limit possibility of brute force attack on your sshd:
> - configure a firewall to stop them
> - and/or activate blacklistd on sshd
> - and/or change listening port of sshd
>
> I get thousands of these every day, won't kill you and not worth losing
> your time.
>
>> On 18 Jul 2018, at 22:07, Grzegorz Junka <list1 at gjunka.com> wrote:
>>
>> Sometimes I am receiving messages like this from my server:
>>
>> nas.myserver.mydomain.com login failures:
>> Jul 17 08:35:02 nas sshd[5994]: reverse mapping checking getaddrinfo for 162.132-254-62.static.virginmediabusiness.co.uk [62.254.132.162] failed - POSSIBLE BREAK-IN ATTEMPT!
>>
>> On different days they are from different IPs and they would be mapped
>> to different reverse DNS names. How to deal with those messages/attempts?
>>
>> GrzegorzJ
>>
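
What the quoted log line reports, as an added example (not part of the thread and not OpenSSH's own code): sshd obtained a PTR name for the connecting address, then could not resolve that name forward again. The sketch parses such lines and repeats the forward-confirmation step; the function names and the `FAKE_ZONE` table are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# The sshd message quoted in the thread, joined onto one line.
SAMPLE_LINE = ("Jul 17 08:35:02 nas sshd[5994]: reverse mapping checking getaddrinfo "
               "for 162.132-254-62.static.virginmediabusiness.co.uk [62.254.132.162] "
               "failed - POSSIBLE BREAK-IN ATTEMPT!")

LOG_RE = re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo for "
                    r"(?P<name>\S+) \[(?P<ip>[0-9A-Fa-f.:]+)\] failed")

# Constructed forward-DNS data (documentation names and addresses), so the
# example runs offline. Names absent from the table do not resolve.
FAKE_ZONE = {
    "good.example.net": {"192.0.2.10"},
    "spoofed.example.net": {"198.51.100.7"},
}

def parse_failure(line):
    """Return (ptr_name, client_ip) from a reverse-mapping failure line, else None."""
    m = LOG_RE.search(line)
    return (m.group("name"), m.group("ip")) if m else None

def fake_forward(name):
    """Offline stand-in for a forward lookup, backed by FAKE_ZONE."""
    return FAKE_ZONE.get(name, set())

def system_forward(name):
    """Forward lookup through the system resolver; empty set if it fails."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def classify(ptr_name, client_ip, forward=system_forward):
    """Check whether the PTR name resolves forward to the client address."""
    addrs = {ipaddress.ip_address(a) for a in forward(ptr_name)}
    if not addrs:
        return "forward-lookup-failed"   # the case logged in the thread
    if ipaddress.ip_address(client_ip) not in addrs:
        return "forward-mismatch"        # name exists but points elsewhere
    return "confirmed"

if __name__ == "__main__":
    print(parse_failure(SAMPLE_LINE))
    for host in ("good.example.net", "spoofed.example.net", "gone.example.net"):
        print(host, classify(host, "192.0.2.10", fake_forward))
```

A result other than `confirmed` describes the client's DNS records, not the outcome of the login attempt.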