Can anyone tell me why I have about a hundred of these

Nov 16 08:00:03 bullet ftp(pam_unix)[2045]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 
Nov 16 08:00:06 bullet ftp(pam_unix)[2045]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 
Nov 16 08:00:09 bullet ftp(pam_unix)[2045]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 
Nov 16 08:00:12 bullet ftp(pam_unix)[2045]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45 

when that IP address is in /etc/ipkungfu/deny_hosts.conf?  Here are my
rules; I don't understand them:

bullet ~ # ipkungfu -l
Chain INPUT (policy DROP 2 packets, 144 bytes)
 pkts bytes target     prot opt in     out     source
destination
45662 6103K ACCEPT     all  --  any    any     anywhere
anywhere            state RELATED,ESTABLISHED
    0     0 LOG        all  --  lo     any     0.0.0.1
anywhere            LOG level warning prefix `IPKF IPKungFu (--init)'
    0     0 DROP       all  --  eth0   any     210.188.206.107
anywhere
    0     0 DROP       all  --  eth0   any     222.90.206.62
anywhere
    0     0 DROP       all  --  eth0   any     61.178.185.124
anywhere
    0     0 DROP       all  --  eth0   any     65.98.76.197
anywhere
    0     0 DROP       all  --  eth0   any     211.234.99.230
anywhere
    0     0 DROP       all  --  eth0   any     60.191.34.155
anywhere
    0     0 DROP       all  --  eth0   any     sd-2742.dedibox.fr
anywhere
    1    40 DROP       all  --  eth0   any     nameservices.net
anywhere
    1    55 DROP       all  --  eth0   any     222.135.146.45
anywhere
   28  1598 ACCEPT     all  --  any    any     camille.espersunited.com
anywhere 
    7   351 ACCEPT     all  --  any    any
catherine.espersunited.com  anywhere 
    0     0 DROP       all  --  any    any     anywhere
anywhere            recent: CHECK seconds: 120 name: badguy side: source
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/sec
burst 5 LOG level warning prefix `IPKF flags ALL: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg
3/sec burst 5 LOG level warning prefix `IPKF flags NONE: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit:
avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap XMAS): '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg
3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap FIN): '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN/FIN,SYN limit: avg 3/sec burst 5
LOG level warning prefix `IPKF flags SYN,FIN: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:SYN,RST/SYN,RST limit: avg 3/sec burst 5
LOG level warning prefix `IPKF flags SYN,RST: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/sec burst
5 LOG level warning prefix `IPKF SYN,RST,ACK,FIN,URG: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg
3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap NULL): '
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN/FIN,SYN
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:SYN,RST/SYN,RST
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    3   276 ACCEPT     icmp --  any    any     anywhere
anywhere            icmp echo-request
   85  3400 LOG        all  --  any    any     anywhere
anywhere            state INVALID limit: avg 3/sec burst 5 LOG level
warning prefix `IPKF Invalid TCP flag: '
   85  3400 DROP       all  --  any    any     anywhere
anywhere            state INVALID
    0     0 LOG        all  -f  eth0   any     anywhere
anywhere            limit: avg 3/sec burst 5 LOG level warning prefix
`IPKF Fragmented Packet: '
    0     0 DROP       all  -f  eth0   any     anywhere
anywhere
    0     0 LOG        icmp --  eth0   any     anywhere
anywhere            icmp timestamp-request limit: avg 3/sec burst 5 LOG
level warning prefix `IPKF ICMP Timestamp: '
    0     0 DROP       icmp --  eth0   any     anywhere
anywhere            icmp timestamp-request
  125  6656 syn-flood  tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW limit: avg
3/sec burst 5 LOG level warning prefix `IPKF New Not SYN: '
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            multiport dports netbios-ns,6666
    2   808 DROP       udp  --  eth0   any     anywhere
anywhere            multiport dports ms-sql-m
  102  5552 ACCEPT     tcp  --  eth0   any     anywhere
anywhere            state NEW multiport dports
ftp,ssh,smtp,http,imap,https
    0     0 ACCEPT     udp  --  eth0   any     anywhere
anywhere            state NEW multiport dports imap
  203 15337 ACCEPT     all  --  lo     any     anywhere
anywhere            state NEW
    0     0 ACCEPT     all  --  lo     any     localhost.localdomain
anywhere            state NEW
    2   112 REJECT     tcp  --  any    any     anywhere
anywhere            tcp dpt:auth reject-with tcp-reset
  146 38531 LOG       !icmp --  any    any     anywhere
anywhere            limit: avg 3/sec burst 5 LOG level warning prefix
`IPKF INPUT Catch-all: '
  146 38531 DROP       all  --  any    any     anywhere
anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination
    0     0 ACCEPT     all  --  any    any     anywhere
anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth0   any     camille.espersunited.com
anywhere 
    0     0 ACCEPT     all  --  eth0   any
catherine.espersunited.com  anywhere 
    0     0 DROP       all  --  eth0   any     anywhere
anywhere            recent: CHECK seconds: 120 name: badguy side: source
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/sec
burst 5 LOG level warning prefix `IPKF flags ALL: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg
3/sec burst 5 LOG level warning prefix `IPKF flags NONE: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit:
avg 3/sec burst 5 LOG level warning prefix `IPKF flags FIN,URG,PSH: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg
3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap XMAS): '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN/FIN,SYN limit: avg 3/sec burst 5
LOG level warning prefix `IPKF flags SYN,FIN: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:SYN,RST/SYN,RST limit: avg 3/sec burst 5
LOG level warning prefix `IPKF flags SYN,RST: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/sec burst
5 LOG level warning prefix `IPKF SYN,RST,ACK,FIN,URG: '
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg
3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap NULL): '
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN/FIN,SYN
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:SYN,RST/SYN,RST
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
    0     0 LOG        all  --  eth0   any     anywhere
anywhere            state INVALID limit: avg 3/sec burst 5 LOG level
warning prefix `IPKF Invalid TCP flag: '
    0     0 DROP       all  --  eth0   any     anywhere
anywhere            state INVALID
    0     0 LOG        all  -f  eth0   any     anywhere
anywhere            limit: avg 3/sec burst 5 LOG level warning prefix
`IPKF Fragmented Packet: '
    0     0 DROP       all  -f  eth0   any     anywhere
anywhere
    0     0 LOG        icmp --  eth0   any     anywhere
anywhere            icmp timestamp-request limit: avg 3/sec burst 5 LOG
level warning prefix `IPKF ICMP Timestamp: '
    0     0 DROP       icmp --  eth0   any     anywhere
anywhere            icmp timestamp-request
    0     0 syn-flood  tcp  --  eth0   any     anywhere
anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
    0     0 LOG        tcp  --  eth0   any     anywhere
anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW limit: avg
3/sec burst 5 LOG level warning prefix `IPKF New Not SYN: '
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW
    0     0 DROP       tcp  --  eth0   any     anywhere
anywhere            multiport dports netbios-ns,6666
    0     0 DROP       udp  --  eth0   any     anywhere
anywhere            multiport dports ms-sql-m
    0     0 REJECT     tcp  --  eth0   any     anywhere
anywhere            tcp dpt:auth reject-with tcp-reset

Chain OUTPUT (policy ACCEPT 5 packets, 366 bytes)
 pkts bytes target     prot opt in     out     source
destination
60950   17M ACCEPT     all  --  any    any     anywhere
anywhere            state RELATED,ESTABLISHED
  968 76964 ACCEPT     all  --  any    any     anywhere
anywhere            state NEW

Chain syn-flood (2 references)
 pkts bytes target     prot opt in     out     source
destination
  125  6656 RETURN     all  --  any    any     anywhere
anywhere            limit: avg 10/sec burst 24
    0     0 LOG        all  --  any    any     anywhere
anywhere            limit: avg 3/sec burst 5 LOG level warning prefix
`IPKF SYN flood: '
    0     0 DROP       all  --  any    any     anywhere
anywhere
bullet ~ #






-- 
gentoo-user@gentoo.org mailing list
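
Added example (not part of the original post): a Python sketch that groups the pam_unix failures shown above by server PID and remote host. It assumes the FTP daemon runs one process per connection, so failures sharing a PID come from a single session; packets of such a session match the first INPUT rule in the listing (state RELATED,ESTABLISHED) before the per-address DROP entries are reached. The function names and the two 192.0.2.7 entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two entries copied from the post (mail line wrap kept)
# plus two invented entries from a documentation address (192.0.2.7).
SAMPLE_LOG = """\
Nov 16 08:00:03 bullet ftp(pam_unix)[2045]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:00:06 bullet ftp(pam_unix)[2045]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:01:10 bullet ftp(pam_unix)[2101]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.7
Nov 16 08:03:40 bullet ftp(pam_unix)[2107]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.7
"""

STAMP = r"\w{3}\s+\d+\s[\d:]{8}"
ENTRY = re.compile(
    rf"^(?P<ts>{STAMP})\s\S+\s(?P<svc>\w+)\(pam_unix\)\[(?P<pid>\d+)\]:\s"
    r"authentication failure;(?P<fields>.*)$"
)


def unwrap(text):
    """Rejoin entries whose tail was wrapped onto a continuation line."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if re.match(STAMP, line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def failures_by_session(text):
    """Map (service, pid, rhost) to the timestamps of its failures."""
    sessions = defaultdict(list)
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m:
            rhost = re.search(r"\brhost=(\S*)", m["fields"])
            key = (m["svc"], int(m["pid"]), rhost.group(1) if rhost else "")
            sessions[key].append(m["ts"])
    return dict(sessions)


def single_session_hosts(text):
    """Hosts whose failures all share one PID (assumed: one connection)."""
    pids = defaultdict(set)
    for _svc, pid, rhost in failures_by_session(text):
        pids[rhost].add(pid)
    return sorted(h for h, p in pids.items() if len(p) == 1)
```

A host reported by `single_session_hosts` is retrying logins inside one open connection; a host with several PIDs is opening new connections, which is the traffic a source-address DROP rule can stop.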