Mailinglist Archive: opensuse-bugs (19803 mails)
[Bug 386424] New: FW_SERVICES_ACCEPT_EXT= ...hitcount=2,blockseconds=99, recentname=ssh not stopping ssh attacks
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Sat, 3 May 2008 10:58:53 -0600 (MDT)
- Message-id: <bug-386424-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=386424
Summary: FW_SERVICES_ACCEPT_EXT=
...hitcount=2,blockseconds=99,recentname=ssh not
stopping ssh attacks
Product: openSUSE 10.3
Version: Final
Platform: x86-64
OS/Version: openSUSE 10.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: rdgaydos@xxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
From the documentation:
# Supported flags are
# hitcount=NUMBER : ipt_recent --hitcount parameter
# blockseconds=NUMBER : ipt_recent --seconds parameter
# recentname=NAME : ipt_recent --name parameter
# Example:
# Allow max three ssh connects per minute from the same IP address:
# "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
#
I have in file /etc/sysconfig/SuSEfirewall2
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=2,blockseconds=99,recentname=ssh"
FW_SERVICES_ACCEPT_INT="0/0,tcp,22,,hitcount=2,blockseconds=99,recentname=ssh"
FW_SERVICES_ACCEPT_DMZ="0/0,tcp,22,,hitcount=2,blockseconds=99,recentname=ssh"
I'm a newbie at this, but this should prevent someone from trying to ssh to my
server multiple times within 99 seconds.
However,
grep sshd messages | grep ssh2
shows
May 3 16:29:03 pb1 sshd[6229]: Failed keyboard-interactive/pam for invalid
user posuser from 221.158.48.69 port 24726 ssh2
May 3 16:29:06 pb1 sshd[6237]: Failed keyboard-interactive/pam for invalid
user firefly from 221.158.48.69 port 24767 ssh2
May 3 16:29:08 pb1 sshd[6243]: Failed keyboard-interactive/pam for invalid
user faxcenter from 221.158.48.69 port 24804 ssh2
May 3 16:29:10 pb1 sshd[6249]: Failed keyboard-interactive/pam for invalid
user center from 221.158.48.69 port 24840 ssh2
May 3 16:29:13 pb1 sshd[6255]: Failed keyboard-interactive/pam for invalid
user hyperftp from 221.158.48.69 port 24876 ssh2
May 3 16:29:15 pb1 sshd[6261]: Failed keyboard-interactive/pam for invalid
user update from 221.158.48.69 port 24910 ssh2
May 3 16:29:17 pb1 sshd[6267]: Failed keyboard-interactive/pam for invalid
user consultant from 221.158.48.69 port 24943 ssh2
May 3 16:29:20 pb1 sshd[6273]: Failed keyboard-interactive/pam for invalid
user zhangxiyun from 221.158.48.69 port 24982 ssh2
May 3 16:29:22 pb1 sshd[6279]: Failed keyboard-interactive/pam for invalid
user zhang from 221.158.48.69 port 25024 ssh2
May 3 16:29:25 pb1 sshd[6285]: Failed keyboard-interactive/pam for invalid
user bejo from 221.158.48.69 port 25062 ssh2
May 3 16:29:27 pb1 sshd[6291]: Failed keyboard-interactive/pam for invalid
user ainun from 221.158.48.69 port 25093 ssh2
May 3 16:29:29 pb1 sshd[6297]: Failed keyboard-interactive/pam for invalid
user sql-srv from 221.158.48.69 port 25131 ssh2
May 3 16:29:32 pb1 sshd[6303]: Failed keyboard-interactive/pam for invalid
user sql from 221.158.48.69 port 25166 ssh2
May 3 16:29:34 pb1 sshd[6309]: Failed keyboard-interactive/pam for invalid
user kanoh from 221.158.48.69 port 25202 ssh2
May 3 16:29:36 pb1 sshd[6315]: Failed keyboard-interactive/pam for invalid
user webmanager from 221.158.48.69 port 25236 ssh2
May 3 16:29:39 pb1 sshd[6321]: Failed keyboard-interactive/pam for invalid
user lijiang from 221.158.48.69 port 25273 ssh2
May 3 16:29:41 pb1 sshd[6327]: Failed keyboard-interactive/pam for invalid
user lijun from 221.158.48.69 port 25304 ssh2
May 3 16:29:43 pb1 sshd[6333]: Failed keyboard-interactive/pam for invalid
user zpzyt from 221.158.48.69 port 25339 ssh2
May 3 16:29:46 pb1 sshd[6339]: Failed keyboard-interactive/pam for invalid
user yurigaoka from 221.158.48.69 port 25377 ssh2
May 3 16:29:48 pb1 sshd[6345]: Failed keyboard-interactive/pam for invalid
user otsuki from 221.158.48.69 port 25417 ssh2
May 3 16:29:50 pb1 sshd[6351]: Failed keyboard-interactive/pam for invalid
user furukawa from 221.158.48.69 port 25448 ssh2
May 3 16:29:53 pb1 sshd[6357]: Failed keyboard-interactive/pam for invalid
user dohmar from 221.158.48.69 port 25485 ssh2
May 3 16:29:55 pb1 sshd[6363]: Failed keyboard-interactive/pam for invalid
user jgerken from 221.158.48.69 port 25519 ssh2
May 3 16:29:57 pb1 sshd[6369]: Failed keyboard-interactive/pam for invalid
user jshaw from 221.158.48.69 port 25557 ssh2
May 3 16:30:00 pb1 sshd[6375]: Failed keyboard-interactive/pam for invalid
user books from 221.158.48.69 port 25594 ssh2
May 3 16:30:02 pb1 sshd[6381]: Failed keyboard-interactive/pam for invalid
user project from 221.158.48.69 port 25629 ssh2
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
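
A check for the mismatch reported above, added here as an example and not part of the original bug report or of SuSEfirewall2: it replays sshd failure lines against a simplified model of the hitcount/blockseconds window and lists the connections that reached sshd although the limit should already have been hit. The function name `over_limit`, the rule that one sshd PID is one TCP connection, and the year 2008 (taken from the mail date) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# First five lines of the report's excerpt (re-joined), plus one constructed
# line from a documentation address to show that counting is per source IP.
SAMPLE = """\
May 3 16:29:03 pb1 sshd[6229]: Failed keyboard-interactive/pam for invalid user posuser from 221.158.48.69 port 24726 ssh2
May 3 16:29:06 pb1 sshd[6237]: Failed keyboard-interactive/pam for invalid user firefly from 221.158.48.69 port 24767 ssh2
May 3 16:29:08 pb1 sshd[6243]: Failed keyboard-interactive/pam for invalid user faxcenter from 221.158.48.69 port 24804 ssh2
May 3 16:29:10 pb1 sshd[6249]: Failed keyboard-interactive/pam for invalid user center from 221.158.48.69 port 24840 ssh2
May 3 16:29:13 pb1 sshd[6255]: Failed keyboard-interactive/pam for invalid user hyperftp from 221.158.48.69 port 24876 ssh2
May 3 16:29:14 pb1 sshd[6256]: Failed keyboard-interactive/pam for invalid user test from 192.0.2.10 port 40000 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: Failed \S+ for "
                  r"(?:invalid user )?\S+ from (\S+) port \d+")

def over_limit(log_text, hitcount, seconds, year=2008):
    """Return {ip: [timestamps]} of connections that reached sshd although
    `hitcount` earlier ones from that IP fell inside the last `seconds`."""
    recent = defaultdict(deque)   # ip -> connection times still in the window
    seen_pids = set()             # assumption: one sshd PID == one connection
    excess = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, pid, ip = m.groups()
        if pid in seen_pids:      # further failures on the same connection
            continue
        seen_pids.add(pid)
        t = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        while window and (t - window[0]).total_seconds() > seconds:
            window.popleft()      # drop hits older than the window
        if len(window) >= hitcount:
            excess[ip].append(stamp)   # the limit should have stopped this one
        window.append(t)
    return dict(excess)

if __name__ == "__main__":
    for ip, stamps in over_limit(SAMPLE, hitcount=2, seconds=99).items():
        print(f"{ip}: {len(stamps)} connections past the limit, first at {stamps[0]}")
```

Any address this returns for the configured values is evidence that the rate-limit rule is not being applied to that traffic, which is the symptom the report describes.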