[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] SuSefirewall - protect sshd



Ludwig Nussel wrote:
> Otto Rodusek (AP-SGP) wrote:
>   
>> I'm a bit confused with Susefirewall. I have had a number of robot
>> attacks against sshd so I set the following rule in SuSefirewall to
>> limit the number of allowable sshd logins per 60 second period:
>>
>> FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
>>     
>
> Provided that your network interface is in the external zone this
> should work fine.
>
> cu
> Ludwig
>   
Hi Ludwig,

Yes my interface is indeed in the external zone. From my log files (as
per below) I can see that it does not however work
. I'm not sure what to try next to make it work!! Rgds. Otto.

[hundreds of such lines]
Mar 10 01:32:54 sshd[19890]: Invalid user patrick from 222.156.220.25
Mar 10 01:32:56 sshd[19892]: Invalid user patrick from 222.156.220.25
Mar 10 01:33:09 sshd[19904]: Invalid user rolo from 222.156.220.25
Mar 10 01:33:11 sshd[19906]: Invalid user iceuser from 222.156.220.25
Mar 10 01:33:12 sshd[19908]: Invalid user horde from 222.156.220.25
Mar 10 01:33:14 sshd[19910]: Invalid user cyrus from 222.156.220.25
Mar 10 01:33:16 sshd[19912]: Invalid user www from 222.156.220.25

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx