[Shorewall-users] ssh script attacks

Sat, 17 Jan 2009 00:13:11 -0800 

Hello Mailinglist,

in my logcheck I saw attacks like:

Jan 16 06:44:22 micky sshd[21840]: Failed password for proxy from 
38.97.212.172 port 52993 ssh2
Jan 16 06:58:50 micky sshd[5529]: Failed password for irc from 
38.97.212.172 port 49597 ssh2
Jan 16 06:59:00 micky sshd[5541]: Failed password for nobody from 
38.97.212.172 port 51432 ssh2
Jan 16 07:22:27 micky sshd[7240]: Failed password for daemon from 
38.97.212.172 port 45159 ssh2
Jan 16 07:22:31 micky sshd[7244]: Failed password for games from 
38.97.212.172 port 45834 ssh2
Jan 16 07:23:06 micky sshd[7276]: Failed password for sync from 
38.97.212.172 port 51895 ssh2
Jan 16 07:38:30 micky sshd[8095]: Failed password for administrator from 
38.97.212.172 port 36917 ssh2
Jan 16 07:38:54 micky sshd[8115]: Failed password for mail from 
38.97.212.172 port 40891 ssh2
Jan 16 07:54:51 micky sshd[8941]: Failed password for sshd from 
38.97.212.172 port 53351 ssh2
Jan 16 08:10:09 micky sshd[11391]: Failed password for root from 
38.97.212.172 port 60942 ssh2
Jan 16 08:10:14 micky sshd[11395]: Failed password for root from 
38.97.212.172 port 33514 ssh2

Therefore I want to protect my firewall with a Information of the Internet:

WAN=ppp+ eth1
IPTABLES_BIN=/usr/sbin/iptables
# diese beiden Variablen sind anzupassen

        for Interf in $WAN; do
$IPTABLES_BIN -A INPUT -i $Interf -p tcp --dport 22 -m state --state NEW \
        -m recent --set --name SSH
$IPTABLES_BIN -A INPUT -i $Interf -p tcp --dport 22 -m state --state NEW \
        -m recent --rcheck --seconds 60 --hitcount 4 --rttl --name SSH \
        -j REJECT --reject-with tcp-reset
$IPTABLES_BIN -A INPUT -i $Interf -p tcp --dport 22 -m state --state NEW \
        -j ACCEPT
   done


How can I translate this in shorewall?

Thank you!

tony

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to