Re: [Shorewall-users] Blacklisted addresses (range) get through anyway]

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I've attached the dump as a text file.

Best Wishes

Linda

> We certainly would need a shorewall dump to figure this out.
>
> Prasanna.
>
> On Fri, Nov 7, 2008 at 12:33 PM,  <li...@he...> wrote:
>> I've blocked an IP-range in my blacklist-file. The row in the file looks
>> like this:
>> 88.191.0.0/16
>>
>> This should block any and all traffic from addresses in the range
>> 88.191.0.0-88.191.255.255 but they still get through to perform brute
>> force attacks on my SSH server.
>>
>> Here's an example from my auth.log for yesterday:
>> Nov  4 20:14:39 dolly sshd[3532]: Invalid user ttf from 88.191.99.69
>> Nov  4 20:14:41 dolly sshd[3532]: Failed password for invalid user ttf
>> from 88.191.99.69 port 37898 ssh2
>>
>> Why is this, and how can I fix it?
>>
>> Best Wishes
>>
>> Linda
>>
>>
>> shorewall version: 4.2.1
>>
>> ip addr show:
>> 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
>>    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>    inet 127.0.0.1/8 scope host lo
>>    inet6 ::1/128 scope host
>>       valid_lft forever preferred_lft forever
>> 2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
>> 1000
>>    link/ether 00:08:a1:3c:12:f3 brd ff:ff:ff:ff:ff:ff
>>    inet 192.168.0.102/24 brd 192.168.0.255 scope global eth1
>>    inet6 fe80::208:a1ff:fe3c:12f3/64 scope link
>>       valid_lft forever preferred_lft forever
>> 3: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
>> qlen 1000
>>    link/ether 00:0e:a6:b0:fc:42 brd ff:ff:ff:ff:ff:ff
>> 4: sit0: <NOARP> mtu 1480 qdisc noop
>>    link/sit 0.0.0.0 brd 0.0.0.0
>>
>> ip route show:
>> 192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.102
>> default via 192.168.0.1 dev eth1
>>
>>
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win great
>> prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the
>> world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Shorewall-users mailing list
>> Sho...@li...
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>
>
>
> --
> Want to manage multiple office networks?
> Want to securely connect all your locations?
> Want to do it in a budget?
> www.elinanetworks.com
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the
> world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Shorewall-users mailing list
> Sho...@li...
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>