* sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack
@ 2010-10-13 17:59 Red Cricket
2010-10-13 18:03 ` pauloric
2010-10-13 18:42 ` Jan Engelhardt
0 siblings, 2 replies; 3+ messages in thread
From: Red Cricket @ 2010-10-13 17:59 UTC (permalink / raw)
To: netfilter
Sorry for the long subject.
But I execute this on my system ...
sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s
124.225.122.167 -j REJECT does not stop ssh attack
... yet messages continue to scroll by in my /var/log/secure file
Oct 13 10:33:27 localhost sshd[28222]: Failed password for root from
124.225.122.167 port 36421 ssh2
Oct 13 10:33:27 localhost sshd[28223]: Received disconnect from
124.225.122.167: 11: Bye Bye
Oct 13 10:33:28 localhost sshd[28227]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=124.225.122.167 user=root
Oct 13 10:33:30 localhost sshd[28227]: Failed password for root from
124.225.122.167 port 39871 ssh2
Oct 13 10:33:30 localhost sshd[28228]: Received disconnect from
124.225.122.167: 11: Bye Bye
Oct 13 10:33:32 localhost sshd[28232]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=124.225.122.167 user=root
Oct 13 10:33:34 localhost sshd[28232]: Failed password for root from
124.225.122.167 port 43158 ssh2
Oct 13 10:33:34 localhost sshd[28233]: Received disconnect from
124.225.122.167: 11: Bye Bye
The messages eventually do stop but I cannot tell if that is because
iptables stopped it or the attacker just gave up?
Is there something wrong with my version of iptables or is my iptables
command no good?
Thanks
* Re: sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack
From: pauloric @ 2010-10-13 18:03 UTC (permalink / raw)
To: netfilter
Hi
----- Original message -----
> Sorry for the long subject.
>
> But I execute this on my system ...
>
> sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s
> 124.225.122.167 -j REJECT does not stop ssh attack
Instead of -A, try -I, as follows:
sudo /sbin/iptables -v -t filter -I INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT
Order is important for netfilter...80)
best regards
>
> ... yet messages continue to scroll by in my /var/log/secure file
>
> Oct 13 10:33:27 localhost sshd[28222]: Failed password for root from
> 124.225.122.167 port 36421 ssh2
> Oct 13 10:33:27 localhost sshd[28223]: Received disconnect from
> 124.225.122.167: 11: Bye Bye
> Oct 13 10:33:28 localhost sshd[28227]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=124.225.122.167 user=root
> Oct 13 10:33:30 localhost sshd[28227]: Failed password for root from
> 124.225.122.167 port 39871 ssh2
> Oct 13 10:33:30 localhost sshd[28228]: Received disconnect from
> 124.225.122.167: 11: Bye Bye
> Oct 13 10:33:32 localhost sshd[28232]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=124.225.122.167 user=root
> Oct 13 10:33:34 localhost sshd[28232]: Failed password for root from
> 124.225.122.167 port 43158 ssh2
> Oct 13 10:33:34 localhost sshd[28233]: Received disconnect from
> 124.225.122.167: 11: Bye Bye
>
>
> The messages eventually do stop but I cannot tell if that is because
> iptables stopped it or the attacker just gave up?
>
>
> Is there something wrong with my version of iptables or is my iptables
> command no good?
>
> Thanks
--
Paulo Ricardo Bruck - consultor
tel 011 3596-4881 011 3596-4882 cel 011 9235-4327
Contato Global Solutions
http://www.contatogs.com.br
* Re: sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack
From: Jan Engelhardt @ 2010-10-13 18:42 UTC (permalink / raw)
To: Red Cricket; +Cc: netfilter
On Wednesday 2010-10-13 19:59, Red Cricket wrote:
>Sorry for the long subject.
>
>But I execute this on my system ...
>
>sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s
>124.225.122.167 -j REJECT does not stop ssh attack
Standard user problem: -A appends, and most likely in a place
(namely, at the end, by the very definition of append) where
no further rules have effect because all packets have been
handled by previous ones.
>Is there something wrong with my version of iptables or is my iptables
>command no good?
The latter, I suspect.
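Added example, not part of the thread and not code from any of the posters: a small first-match evaluator showing why the appended REJECT is never reached while the inserted one is. The rulesets are constructed samples in `iptables -S INPUT` format (the original poster's real chain is not shown in the thread), and the function name `first_match` and the simplified matching (exact source address, new inbound TCP on a non-loopback interface) are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample chain (assumption: a typical default ruleset that
# already accepts new SSH connections before the chain ends).
POLICY='-P INPUT ACCEPT'
RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
BLOCK='-A INPUT -s 124.225.122.167/32 -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable'

# Chain as left by -A (block rule last) and by -I INPUT (block rule first).
APPENDED="$POLICY
$RULES
$BLOCK"
INSERTED="$POLICY
$BLOCK
$RULES"

# first_match SRC DPORT < rules
# Prints "<rule number> <target>" for the first terminating rule that a NEW
# inbound TCP connection from SRC to DPORT hits, or "0 <policy>" if none does.
first_match() {
    awk -v src="$1" -v dport="$2" '
    $1 == "-P" { policy = $3; next }
    $1 != "-A" { next }
    {
        n++; ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") { split($(++i), a, "/"); if (a[1] != src) ok = 0 }
            else if ($i == "-p") { if ($(++i) != "tcp") ok = 0 }
            else if ($i == "--dport") { if ($(++i) != dport) ok = 0 }
            else if ($i == "-i") { if ($(++i) == "lo") ok = 0 }
            else if ($i == "--state") { if (index("," $(++i) ",", ",NEW,") == 0) ok = 0 }
            else if ($i == "-m" || $i == "--reject-with") { i++ }
            else if ($i == "-j") { target = $(++i) }
        }
        if (ok && (target == "ACCEPT" || target == "DROP" || target == "REJECT")) {
            print n, target; found = 1; exit
        }
    }
    END { if (!found) print 0, policy }'
}

printf 'appended: %s\n' "$(printf '%s\n' "$APPENDED" | first_match 124.225.122.167 22)"
printf 'inserted: %s\n' "$(printf '%s\n' "$INSERTED" | first_match 124.225.122.167 22)"
```

On a live host, `iptables -L INPUT -n -v --line-numbers` shows the real rule order, and its per-rule packet counters show whether the REJECT rule is being hit at all.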