From: Leonid S. <Leo...@en...> - 2009-02-15 13:40:47
Hi,

If my router is attacked with an ssh user list, I see some lines in the sshguard chain, and I am forced to delete superfluous lines every day.
Is it a bug, or should it be so?

Why doesn't sshguard find '78.135.0.30' in the sshguard chain:
Feb 13 06:29:44 asroute1 sshguard[12567]: Looking for address '78.135.0.30:4'...
Feb 13 06:29:44 asroute1 sshguard[12567]: Not found.

iptables -L:
....
Chain sshguard (1 references)
target     prot opt source               destination
DROP       all  --  221.130.187.174      anywhere
DROP       all  --  63.138.202.103       anywhere
DROP       all  --  78-135-0-30.extend   anywhere
DROP       all  --  78-135-0-30.extend   anywhere
DROP       all  --  78-135-0-30.extend   anywhere
DROP       all  --  78-135-0-30.extend   anywhere
....

iptables -L -n:
....
Chain sshguard (1 references)
target     prot opt source               destination
DROP       all  --  221.130.187.174      0.0.0.0/0
DROP       all  --  63.138.202.103       0.0.0.0/0
DROP       all  --  78.135.0.30          0.0.0.0/0
DROP       all  --  78.135.0.30          0.0.0.0/0
DROP       all  --  78.135.0.30          0.0.0.0/0
DROP       all  --  78.135.0.30          0.0.0.0/0
....

/var/log/auth.log:
Feb 13 06:29:19 asroute1 sshd[19796]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:19 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:20 asroute1 sshd[19798]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:21 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:22 asroute1 sshd[19800]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:22 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:25 asroute1 sshd[19802]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:25 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:25 asroute1 sshguard[12567]: Blocking 78.135.0.30:4 for >420secs: 4 failures over 6 seconds.
Feb 13 06:29:26 asroute1 sshguard[12567]: Setting environment: SSHG_ADDR=78.135.0.30;SSHG_ADDRKIND=4;SSHG_SERVICE=100.
Feb 13 06:29:26 asroute1 sshguard[12567]: Run command "case $SSHG_ADDRKIND in 4) exec /sbin/iptables -A sshguard -s $SSHG_ADDR -j DROP ;; 6) exec /sbin/ip6tables -A sshguard -s $SSHG_ADDR -j DROP ;; *) exit -2 ;; esac": exited 0.
Feb 13 06:29:26 asroute1 sshguard[12567]: First sight of offender '78.135.0.30:4', adding to offenders list.
Feb 13 06:29:27 asroute1 sshd[19805]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:27 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:29 asroute1 sshd[19807]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:29 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:31 asroute1 sshd[19809]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:31 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:34 asroute1 sshd[19811]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:34 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:35 asroute1 sshguard[12567]: Blocking 78.135.0.30:4 for >840secs: 4 failures over 7 seconds.
Feb 13 06:29:35 asroute1 sshguard[12567]: Setting environment: SSHG_ADDR=78.135.0.30;SSHG_ADDRKIND=4;SSHG_SERVICE=100.
Feb 13 06:29:35 asroute1 sshguard[12567]: Run command "case $SSHG_ADDRKIND in 4) exec /sbin/iptables -A sshguard -s $SSHG_ADDR -j DROP ;; 6) exec /sbin/ip6tables -A sshguard -s $SSHG_ADDR -j DROP ;; *) exit -2 ;; esac": exited 0.
Feb 13 06:29:35 asroute1 sshguard[12567]: Offender '78.135.0.30:4' seen 2 times.
Feb 13 06:29:36 asroute1 sshd[19813]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:36 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:38 asroute1 sshd[19816]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:38 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:40 asroute1 sshd[19818]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:40 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:42 asroute1 sshd[19820]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:43 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:43 asroute1 sshguard[12567]: Blocking 78.135.0.30:4 for >1680secs: 4 failures over 7 seconds.
Feb 13 06:29:43 asroute1 sshguard[12567]: Setting environment: SSHG_ADDR=78.135.0.30;SSHG_ADDRKIND=4;SSHG_SERVICE=100.
Feb 13 06:29:44 asroute1 sshguard[12567]: Run command "case $SSHG_ADDRKIND in 4) exec /sbin/iptables -A sshguard -s $SSHG_ADDR -j DROP ;; 6) exec /sbin/ip6tables -A sshguard -s $SSHG_ADDR -j DROP ;; *) exit -2 ;; esac": exited 0.
Feb 13 06:29:44 asroute1 sshguard[12567]: Offender '78.135.0.30:4' seen 3 times (threshold 3) -> blacklisted.
Feb 13 06:29:44 asroute1 sshguard[12567]: *Looking for address '78.135.0.30:4'...*
Feb 13 06:29:44 asroute1 sshguard[12567]: *Not found.*
Feb 13 06:29:44 asroute1 sshguard[12567]: Attacked '78.135.0.30:4' blacklisted. Blacklist now 1 entries.
Feb 13 06:29:45 asroute1 sshd[19822]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:45 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:46 asroute1 sshd[19825]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:46 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:49 asroute1 sshd[19827]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:49 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:50 asroute1 sshd[19829]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:50 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:50 asroute1 sshguard[12567]: Blocking 78.135.0.30:4 for >0secs: 4 failures over 5 seconds.
Feb 13 06:29:51 asroute1 sshguard[12567]: Setting environment: SSHG_ADDR=78.135.0.30;SSHG_ADDRKIND=4;SSHG_SERVICE=100.
Feb 13 06:29:51 asroute1 sshguard[12567]: Run command "case $SSHG_ADDRKIND in 4) exec /sbin/iptables -A sshguard -s $SSHG_ADDR -j DROP ;; 6) exec /sbin/ip6tables -A sshguard -s $SSHG_ADDR -j DROP ;; *) exit -2 ;; esac": exited 0.
Feb 13 06:29:51 asroute1 sshguard[12567]: Offender '78.135.0.30:4' seen 4 times (threshold 3) -> blacklisted.
Feb 13 06:29:51 asroute1 sshguard[12567]: *Looking for address '78.135.0.30:4'...*
Feb 13 06:29:44 asroute1 sshguard[12567]: *Not found.*
Feb 13 06:29:44 asroute1 sshguard[12567]: Attacked '78.135.0.30:4' blacklisted. Blacklist now 1 entries.
Feb 13 06:29:45 asroute1 sshd[19822]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:45 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:46 asroute1 sshd[19825]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:46 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:49 asroute1 sshd[19827]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:49 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:50 asroute1 sshd[19829]: reverse mapping checking getaddrinfo for 78-135-0-30.extend [78.135.0.30] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 13 06:29:50 asroute1 sshguard[12567]: Matched address 78.135.0.30:4 attacking service 100
Feb 13 06:29:50 asroute1 sshguard[12567]: Blocking 78.135.0.30:4 for >0secs: 4 failures over 5 seconds.
Feb 13 06:29:51 asroute1 sshguard[12567]: Setting environment: SSHG_ADDR=78.135.0.30;SSHG_ADDRKIND=4;SSHG_SERVICE=100.
Feb 13 06:29:51 asroute1 sshguard[12567]: Run command "case $SSHG_ADDRKIND in 4) exec /sbin/iptables -A sshguard -s $SSHG_ADDR -j DROP ;; 6) exec /sbin/ip6tables -A sshguard -s $SSHG_ADDR -j DROP ;; *) exit -2 ;; esac": exited 0.
Feb 13 06:29:51 asroute1 sshguard[12567]: Offender '78.135.0.30:4' seen 4 times (threshold 3) -> blacklisted.
Feb 13 06:29:51 asroute1 sshguard[12567]: *Looking for address '78.135.0.30:4'...*
Feb 13 06:29:51 asroute1 sshguard[12567]: *Not found.*
Feb 13 06:29:51 asroute1 sshguard[12567]: Attacked '78.135.0.30:4' blacklisted. Blacklist now 1 entries.

--
Leonid Shulov <Leo...@en...>
Entropic Communications Israel

From: Mij <mi...@bi...> - 2009-02-17 15:22:57
I think I understood what you mean with some interpolation with the log you included. From there, it seems a bug. I gotta see if I can reproduce it: under linux on @x86 (that's what you have?) I didn't run into this problem. If you can send the blacklist file to my address (don't pollute the list with that) I'll have a look the next days.
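
Added example, not part of either post and not sshguard code: the logged block command uses `iptables -A`, which appends a rule whether or not an identical one is already in the chain, so every repeated block leaves another DROP line. The functions below (hypothetical names) read `iptables -L sshguard -n` text on stdin, report sources listed more than once, and print the `iptables -D` commands that would leave one DROP per source; the sample is copied from the listing in the first post.

```shell
#!/bin/sh
# Added example: audit the sshguard chain for duplicate DROP rules.
# Input is the text of `iptables -L sshguard -n`; nothing is changed on the
# firewall, the delete commands are only printed for review.

# Sample input, copied from the `iptables -L -n` listing in the first post.
SAMPLE='Chain sshguard (1 references)
target     prot opt source               destination
DROP       all  --  221.130.187.174      0.0.0.0/0
DROP       all  --  63.138.202.103       0.0.0.0/0
DROP       all  --  78.135.0.30          0.0.0.0/0
DROP       all  --  78.135.0.30          0.0.0.0/0
DROP       all  --  78.135.0.30          0.0.0.0/0
DROP       all  --  78.135.0.30          0.0.0.0/0'

# Print "count source" for every IPv4 source that has more than one DROP rule.
# Only numeric addresses are counted: without -n the listing shows reverse-DNS
# names (78-135-0-30.extend in the post), which are not safe to feed back
# into a rule specification.
sshguard_dupes() {
    awk '$1 == "DROP" && $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { seen[$4]++ }
         END { for (a in seen) if (seen[a] > 1) print seen[a], a }' | sort -k2
}

# Print one delete command per surplus rule. `iptables -D chain rule-spec`
# removes the first matching rule, so count-1 deletions leave exactly one.
sshguard_cleanup_cmds() {
    sshguard_dupes | while read -r count addr; do
        i=1
        while [ "$i" -lt "$count" ]; do
            printf '/sbin/iptables -D sshguard -s %s -j DROP\n' "$addr"
            i=$((i + 1))
        done
    done
}

# Stand-alone run on the sample; on a live host pipe in
# `iptables -L sshguard -n` instead.
printf '%s\n' "$SAMPLE" | sshguard_dupes
printf '%s\n' "$SAMPLE" | sshguard_cleanup_cmds
```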