annoying brute force attack attempt using ssh
Scott van Looy
scott at ethosuk.net
Thu May 15 11:20:33 UTC 2008
Today Łukasz Jagiełło did spake thusly:
> 2008/5/15 Scott van Looy <scott at ethosuk.net>:
>> May 15 12:04:00 novak sshd[21433]: Connection from 193.239.125.119 port 54204
>> May 15 12:04:01 novak sshd[21433]: Invalid user style from 193.239.125.119
>> May 15 12:04:01 novak sshd[21434]: input_userauth_request: invalid user style
>> May 15 12:04:03 novak sshd[21433]: Failed password for invalid user style from 193.239.125.119 port 54204 ssh2
>> May 15 12:04:03 novak sshd[21434]: Received disconnect from 193.239.125.119: 11: Bye Bye
>>
>>
>> Lots and lots. Around 1 every 5 seconds.
>>
>> So I ran
>> iptables -A INPUT -s 193.239.125.119 -j DROP
>> and was surprised to see the attacks continue
>> Ran iptables -L just to make sure my rule was there and it was
>> in the end had to use hosts.deny to block the IP
>>
>> Anyone got any ideas why?
>
> What about policy at INPUT ?
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
It's the standard firewall created with system-config-firewall
Incidentally, how on earth do I add custom rules to
system-config-firewall? I add them manually, save them, check
/etc/sysconfig/iptables and they're listed, run system-config-firewall and
they're not included. And I have no idea what to put in the Custom rules
box. And I can't find any docs anywhere!
--
Scott van Looy - email:me at ethosuk.org.uk | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74 802C 7CF9 E526 44D9 D4A7
-------------------------------------------
|/// /// /// /// WIDE LOAD /// /// /// ///|
-------------------------------------------
McDonald's -- Because you're worth it.
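
Added example, not part of the original message: a small Python model of first-match rule evaluation, showing one likely reason the appended DROP had no effect. `iptables -A` appends to the end of a chain, so a rule added that way lands after the catch-all REJECT quoted above. The chain layout (in particular the ACCEPT rule for port 22) and all helper names are assumptions made for illustration.

```python
"""Added illustration: first-match rule evaluation, as iptables applies it."""
import ipaddress

# Constructed INPUT chain. The ACCEPT rule is an assumption about what
# system-config-firewall generated; the final REJECT is the one quoted above.
BASE_CHAIN = [
    {"src": "0.0.0.0/0", "dport": 22, "target": "ACCEPT"},    # assumed: allow SSH
    {"src": "0.0.0.0/0", "dport": None, "target": "REJECT"},  # catch-all from the post
]
BLOCK = {"src": "193.239.125.119/32", "dport": None, "target": "DROP"}


def matches(rule, src_ip, dport):
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["src"])
    return in_net and rule["dport"] in (None, dport)


def verdict(chain, src_ip, dport):
    """Return (position, target) of the first matching rule; later rules never run."""
    for pos, rule in enumerate(chain, start=1):
        if matches(rule, src_ip, dport):
            return pos, rule["target"]
    return None, "POLICY"


def append_rule(chain, rule):
    """Models `iptables -A INPUT ...`: the rule goes to the end of the chain."""
    return chain + [rule]


def insert_rule(chain, rule, pos=1):
    """Models `iptables -I INPUT <pos> ...`: the rule goes in at position pos."""
    return chain[:pos - 1] + [rule] + chain[pos - 1:]


def shadowed(chain):
    """Positions of rules that can never match because an earlier rule covers them."""
    dead = []
    for i, rule in enumerate(chain):
        net = ipaddress.ip_network(rule["src"])
        for earlier in chain[:i]:
            covers_src = net.subnet_of(ipaddress.ip_network(earlier["src"]))
            covers_port = earlier["dport"] is None or earlier["dport"] == rule["dport"]
            if covers_src and covers_port:
                dead.append(i + 1)
                break
    return dead
```

On a live system, `iptables -L INPUT -n -v --line-numbers` shows each rule's position and packet counters; a DROP rule whose counter stays at zero while the log keeps filling is not being reached.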