sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack

All of lore.kernel.org
 help / color / mirror / Atom feed

* sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack
@ 2010-10-13 17:59 Red Cricket
  2010-10-13 18:03 ` pauloric
  2010-10-13 18:42 ` Jan Engelhardt
  0 siblings, 2 replies; 3+ messages in thread
From: Red Cricket @ 2010-10-13 17:59 UTC (permalink / raw)
  To: netfilter

Sorry for the long subject.

But I execute this on my system ...

sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s
124.225.122.167 -j REJECT does not stop ssh attack

... yet message continue to scroll by in my /var/log/secure file

Oct 13 10:33:27 localhost sshd[28222]: Failed password for root from
124.225.122.167 port 36421 ssh2
Oct 13 10:33:27 localhost sshd[28223]: Received disconnect from
124.225.122.167: 11: Bye Bye
Oct 13 10:33:28 localhost sshd[28227]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=124.225.122.167  user=root
Oct 13 10:33:30 localhost sshd[28227]: Failed password for root from
124.225.122.167 port 39871 ssh2
Oct 13 10:33:30 localhost sshd[28228]: Received disconnect from
124.225.122.167: 11: Bye Bye
Oct 13 10:33:32 localhost sshd[28232]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=124.225.122.167  user=root
Oct 13 10:33:34 localhost sshd[28232]: Failed password for root from
124.225.122.167 port 43158 ssh2
Oct 13 10:33:34 localhost sshd[28233]: Received disconnect from
124.225.122.167: 11: Bye Bye


The messages eventually do stop but I cannot tell if that is because
iptables stopped it or the attacker just gave up?


Is there something wrong with my version of iptables or is my iptables
command no good?

Thanks

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack
  2010-10-13 17:59 sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack Red Cricket
@ 2010-10-13 18:03 ` pauloric
  2010-10-13 18:42 ` Jan Engelhardt
  1 sibling, 0 replies; 3+ messages in thread
From: pauloric @ 2010-10-13 18:03 UTC (permalink / raw)
  To: netfilter


Hi
----- Mensagem original -----
> Sorry for the long subject.
> 
> But I execute this on my system ...
> 

> sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s
> 124.225.122.167 -j REJECT does not stop ssh attack

instead of -A try -I as following:
sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT

Order is important for netfilter...80)



best regards

> 
> ... yet message continue to scroll by in my /var/log/secure file
> 
> Oct 13 10:33:27 localhost sshd[28222]: Failed password for root from
> 124.225.122.167 port 36421 ssh2
> Oct 13 10:33:27 localhost sshd[28223]: Received disconnect from
> 124.225.122.167: 11: Bye Bye
> Oct 13 10:33:28 localhost sshd[28227]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=124.225.122.167 user=root
> Oct 13 10:33:30 localhost sshd[28227]: Failed password for root from
> 124.225.122.167 port 39871 ssh2
> Oct 13 10:33:30 localhost sshd[28228]: Received disconnect from
> 124.225.122.167: 11: Bye Bye
> Oct 13 10:33:32 localhost sshd[28232]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=124.225.122.167 user=root
> Oct 13 10:33:34 localhost sshd[28232]: Failed password for root from
> 124.225.122.167 port 43158 ssh2
> Oct 13 10:33:34 localhost sshd[28233]: Received disconnect from
> 124.225.122.167: 11: Bye Bye
> 
> 
> The messages eventually do stop but I cannot tell if that is because
> iptables stopped it or the attacker just gave up?
> 
> 
> Is there something wrong with my version of iptables or is my iptables
> command no good?
> 
> Thanks
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter"
> in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html

-- 
Paulo Ricardo Bruck - consultor 
tel 011 3596-4881 011 3596-4882 cel 011 9235-4327 
Contato Global Solutions 
http://www.contatogs.com.br 


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack
  2010-10-13 17:59 sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack Red Cricket
  2010-10-13 18:03 ` pauloric
@ 2010-10-13 18:42 ` Jan Engelhardt
  1 sibling, 0 replies; 3+ messages in thread
From: Jan Engelhardt @ 2010-10-13 18:42 UTC (permalink / raw)
  To: Red Cricket; +Cc: netfilter

On Wednesday 2010-10-13 19:59, Red Cricket wrote:

>Sorry for the long subject.
>
>But I execute this on my system ...
>
>sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s
>124.225.122.167 -j REJECT does not stop ssh attack

Standard user problem: -A appends, and most likely in a place
(namely, at the end, by the very definition of append) where
no further rules have effect because all packets have been
handled by previous ones.

>Is there something wrong with my version of iptables or is my iptables
>command no good?

The latter, I suspect.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-10-13 18:42 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-13 17:59 sudo /sbin/iptables -v -t filter -A INPUT -p tcp --dport 22 -s 124.225.122.167 -j REJECT does not stop ssh attack Red Cricket
2010-10-13 18:03 ` pauloric
2010-10-13 18:42 ` Jan Engelhardt

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.