Can anyone tell me why I have about a hundred of these
Nov 16 08:00:03 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:00:06 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:00:09 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:00:12 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
when that IP address is in /etc/ipkungfu/deny_hosts.conf? Here are my
rules; I don't understand them:
bullet ~ # ipkungfu -l
Chain INPUT (policy DROP 2 packets, 144 bytes)
pkts bytes target prot opt in out source destination
45662 6103K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 LOG all -- lo any 0.0.0.1 anywhere LOG level warning prefix `IPKF IPKungFu (--init)'
0 0 DROP all -- eth0 any 210.188.206.107 anywhere
0 0 DROP all -- eth0 any 222.90.206.62 anywhere
0 0 DROP all -- eth0 any 61.178.185.124 anywhere
0 0 DROP all -- eth0 any 65.98.76.197 anywhere
0 0 DROP all -- eth0 any 211.234.99.230 anywhere
0 0 DROP all -- eth0 any 60.191.34.155 anywhere
0 0 DROP all -- eth0 any sd-2742.dedibox.fr anywhere
140 DROP all -- eth0 any nameservices.net anywhere
155 DROP all -- eth0 any 222.135.146.45 anywhere
28 1598 ACCEPT all -- any any camille.espersunited.com anywhere
7 351 ACCEPT all -- any any catherine.espersunited.com anywhere
0 0 DROP all -- any any anywhere anywhere recent: CHECK seconds: 120 name: badguy side: source
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags ALL: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags NONE: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap XMAS): '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap FIN): '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags SYN,FIN: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags SYN,RST: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF SYN,RST,ACK,FIN,URG: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap NULL): '
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:SYN,RST/SYN,RST
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
3 276 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
85 3400 LOG all -- any any anywhere anywhere state INVALID limit: avg 3/sec burst 5 LOG level warning prefix `IPKF Invalid TCP flag: '
85 3400 DROP all -- any any anywhere anywhere state INVALID
0 0 LOG all -f eth0 any anywhere anywhere limit: avg 3/sec burst 5 LOG level warning prefix `IPKF Fragmented Packet: '
0 0 DROP all -f eth0 any anywhere anywhere
0