linux
shaivam, 2015-06-14 14:30:41

How to understand this (logwatch)?

How to understand it? Why are there no addresses? Snippet of ssh log:
Illegal users from:
undef: 3 times
\\320\\272\\321\\321\\320\\265 [preauth]: 1 time
\\320\\272root [preauth]: 1 time
\320\272\321\321\320\265: 2 times
\320\272root: 1 time

"tapping" on other ports to open the port (authorization is by keys, so users, to get to rdp in lan from wan, forward the port with an ssh script; I don't want to send out a new script to everyone, there will be confusion)
Didn't receive an ident from these IPs:
198.20.70.114 (census3.shodan.io): 1 Time(s)
71.6.167.142 (census9.shodan.io): 1 Time(s)
93.120.27.62 (m247.ro.shodan.io): 1 Time(s)


2 answer(s)
Alexander, 2015-06-14
Madzhugin @Suntechnic

fail2ban

grumbler66rus, 2015-06-14
@grumbler66rus

it's not nice that I often get scanned by this scanner

If sshd_config says "PasswordAuthentication no", you can ignore it.
If you want to reduce the frequency of connections from the bot, this can be done using iptables like this (this is not a ready-made recipe!):
iptables -A INPUT -i eth1 -p tcp --syn --dport 22 -m recent --name sshin --set -m comment --comment "Set SSH incoming connection into table sshin"
iptables -A INPUT -i eth1 -p tcp --syn --dport 22 -m recent --name sshin --update --seconds 30 --hitcount 3 -j REJECT --reject-with tcp-reset -m comment --comment "Reject too quickly SSH new connection attempts"
iptables -A INPUT -i eth1 -p tcp --syn --dport 22 -m connlimit --connlimit-above 2 -j REJECT --reject-with tcp-reset -m comment --comment "SSH: 2 connections from one IP simultaneous"
