From: <li...@he...> - 2008-11-07 08:29:55
|
I've attached the dump as a text file. Best Wishes Linda > We certainly would need a shorewall dump to figure this out. > > Prasanna. > > On Fri, Nov 7, 2008 at 12:33 PM, <li...@he...> wrote: >> I've blocked an IP-range in my blacklist-file. The row in the file looks >> like this: >> 88.191.0.0/16 >> >> This should block any and all traffic from addresses in the range >> 88.191.0.0-88.191.255.255 but they still get through to perform brute >> force attacks on my SSH server. >> >> Here's an example from my auth.log for yesterday: >> Nov 4 20:14:39 dolly sshd[3532]: Invalid user ttf from 88.191.99.69 >> Nov 4 20:14:41 dolly sshd[3532]: Failed password for invalid user ttf >> from 88.191.99.69 port 37898 ssh2 >> >> Why is this, and how can I fix it? >> >> Best Wishes >> >> Linda >> >> >> shorewall version: 4.2.1 >> >> ip addr show: >> 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> inet 127.0.0.1/8 scope host lo >> inet6 ::1/128 scope host >> valid_lft forever preferred_lft forever >> 2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen >> 1000 >> link/ether 00:08:a1:3c:12:f3 brd ff:ff:ff:ff:ff:ff >> inet 192.168.0.102/24 brd 192.168.0.255 scope global eth1 >> inet6 fe80::208:a1ff:fe3c:12f3/64 scope link >> valid_lft forever preferred_lft forever >> 3: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast >> qlen 1000 >> link/ether 00:0e:a6:b0:fc:42 brd ff:ff:ff:ff:ff:ff >> 4: sit0: <NOARP> mtu 1480 qdisc noop >> link/sit 0.0.0.0 brd 0.0.0.0 >> >> ip route show: >> 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.102 >> default via 192.168.0.1 dev eth1 >> >> >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's >> challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the >> world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> Shorewall-users mailing list >> Sho...@li... >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> > > > > -- > Want to manage multiple office networks? > Want to securely connect all your locations? > Want to do it in a budget? > www.elinanetworks.com > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the > world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Shorewall-users mailing list > Sho...@li... > https://lists.sourceforge.net/lists/listinfo/shorewall-users > |