[Bug 386424] New: FW_SERVICES_ACCEPT_EXT= ...hitcount=2,blockseconds=99,recentname=ssh not stopping ssh attacks

https://bugzilla.novell.com/show_bug.cgi?id=386424

Summary: FW_SERVICES_ACCEPT_EXT= ...hitcount=2,blockseconds=99,recentname=ssh not stopping ssh attacks
Product: openSUSE 10.3
Version: Final
Platform: x86-64
OS/Version: openSUSE 10.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: rdgaydos@yahoo.com
QAContact: qa@suse.de
Found By: ---
From the documentation:
# Supported flags are
#   hitcount=NUMBER     : ipt_recent --hitcount parameter
#   blockseconds=NUMBER : ipt_recent --seconds parameter
#   recentname=NAME     : ipt_recent --name parameter
# Example:
#   Allow max three ssh connects per minute from the same IP address:
#   "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
#

I have in file /etc/sysconfig/SuSEfirewall2

FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=2,blockseconds=99,recentname=ssh"
FW_SERVICES_ACCEPT_INT="0/0,tcp,22,,hitcount=2,blockseconds=99,recentname=ssh"
FW_SERVICES_ACCEPT_DMZ="0/0,tcp,22,,hitcount=2,blockseconds=99,recentname=ssh"

I'm a newbie at this, but this should prevent someone from trying to ssh to my server multiple times within 99 seconds. However,

grep sshd messages | grep ssh2

shows

May 3 16:29:03 pb1 sshd[6229]: Failed keyboard-interactive/pam for invalid user posuser from 221.158.48.69 port 24726 ssh2
May 3 16:29:06 pb1 sshd[6237]: Failed keyboard-interactive/pam for invalid user firefly from 221.158.48.69 port 24767 ssh2
May 3 16:29:08 pb1 sshd[6243]: Failed keyboard-interactive/pam for invalid user faxcenter from 221.158.48.69 port 24804 ssh2
May 3 16:29:10 pb1 sshd[6249]: Failed keyboard-interactive/pam for invalid user center from 221.158.48.69 port 24840 ssh2
May 3 16:29:13 pb1 sshd[6255]: Failed keyboard-interactive/pam for invalid user hyperftp from 221.158.48.69 port 24876 ssh2
May 3 16:29:15 pb1 sshd[6261]: Failed keyboard-interactive/pam for invalid user update from 221.158.48.69 port 24910 ssh2
May 3 16:29:17 pb1 sshd[6267]: Failed keyboard-interactive/pam for invalid user consultant from 221.158.48.69 port 24943 ssh2
May 3 16:29:20 pb1 sshd[6273]: Failed keyboard-interactive/pam for invalid user zhangxiyun from 221.158.48.69 port 24982 ssh2
May 3 16:29:22 pb1 sshd[6279]: Failed keyboard-interactive/pam for invalid user zhang from 221.158.48.69 port 25024 ssh2
May 3 16:29:25 pb1 sshd[6285]: Failed keyboard-interactive/pam for invalid user bejo from 221.158.48.69 port 25062 ssh2
May 3 16:29:27 pb1 sshd[6291]: Failed keyboard-interactive/pam for invalid user ainun from 221.158.48.69 port 25093 ssh2
May 3 16:29:29 pb1 sshd[6297]: Failed keyboard-interactive/pam for invalid user sql-srv from 221.158.48.69 port 25131 ssh2
May 3 16:29:32 pb1 sshd[6303]: Failed keyboard-interactive/pam for invalid user sql from 221.158.48.69 port 25166 ssh2
May 3 16:29:34 pb1 sshd[6309]: Failed keyboard-interactive/pam for invalid user kanoh from 221.158.48.69 port 25202 ssh2
May 3 16:29:36 pb1 sshd[6315]: Failed keyboard-interactive/pam for invalid user webmanager from 221.158.48.69 port 25236 ssh2
May 3 16:29:39 pb1 sshd[6321]: Failed keyboard-interactive/pam for invalid user lijiang from 221.158.48.69 port 25273 ssh2
May 3 16:29:41 pb1 sshd[6327]: Failed keyboard-interactive/pam for invalid user lijun from 221.158.48.69 port 25304 ssh2
May 3 16:29:43 pb1 sshd[6333]: Failed keyboard-interactive/pam for invalid user zpzyt from 221.158.48.69 port 25339 ssh2
May 3 16:29:46 pb1 sshd[6339]: Failed keyboard-interactive/pam for invalid user yurigaoka from 221.158.48.69 port 25377 ssh2
May 3 16:29:48 pb1 sshd[6345]: Failed keyboard-interactive/pam for invalid user otsuki from 221.158.48.69 port 25417 ssh2
May 3 16:29:50 pb1 sshd[6351]: Failed keyboard-interactive/pam for invalid user furukawa from 221.158.48.69 port 25448 ssh2
May 3 16:29:53 pb1 sshd[6357]: Failed keyboard-interactive/pam for invalid user dohmar from 221.158.48.69 port 25485 ssh2
May 3 16:29:55 pb1 sshd[6363]: Failed keyboard-interactive/pam for invalid user jgerken from 221.158.48.69 port 25519 ssh2
May 3 16:29:57 pb1 sshd[6369]: Failed keyboard-interactive/pam for invalid user jshaw from 221.158.48.69 port 25557 ssh2
May 3 16:30:00 pb1 sshd[6375]: Failed keyboard-interactive/pam for invalid user books from 221.158.48.69 port 25594 ssh2
May 3 16:30:02 pb1 sshd[6381]: Failed keyboard-interactive/pam for invalid user project from 221.158.48.69 port 25629 ssh2
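One way to check the quoted log against the configured limit, added here as an example (not part of the bug report or of SuSEfirewall2): it reads the FW_SERVICES_ACCEPT_EXT entry and the first four sshd lines from the report and lists the connects that a limit of hitcount per blockseconds per source IP would not have let through. The sliding-window model and the year are assumptions, not the ipt_recent implementation.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

ASSUMED_YEAR = 2008  # assumption: syslog timestamps carry no year
RULE = "0/0,tcp,22,,hitcount=2,blockseconds=99,recentname=ssh"  # from the report
LOG = """\
May 3 16:29:03 pb1 sshd[6229]: Failed keyboard-interactive/pam for invalid user posuser from 221.158.48.69 port 24726 ssh2
May 3 16:29:06 pb1 sshd[6237]: Failed keyboard-interactive/pam for invalid user firefly from 221.158.48.69 port 24767 ssh2
May 3 16:29:08 pb1 sshd[6243]: Failed keyboard-interactive/pam for invalid user faxcenter from 221.158.48.69 port 24804 ssh2
May 3 16:29:10 pb1 sshd[6249]: Failed keyboard-interactive/pam for invalid user center from 221.158.48.69 port 24840 ssh2
"""  # first four sshd lines quoted in the report
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed \S+ for "
    r"(?:invalid user )?\S+ from (\S+) port (\d+)")

def parse_rule(entry):
    """Split a FW_SERVICES_ACCEPT_* entry into fields and ipt_recent flags."""
    net, proto, dport, _sport, *flags = entry.split(",")
    opts = dict(flag.split("=", 1) for flag in flags)
    return {"net": net, "proto": proto, "dport": int(dport), "name": opts["recentname"],
            "hitcount": int(opts["hitcount"]), "seconds": int(opts["blockseconds"])}

def parse_log(text):
    """Yield (timestamp, source IP, source port) for each failed-auth line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stamp = f"{ASSUMED_YEAR} {m.group(1)}"
            yield datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m.group(2), int(m.group(3))

def over_limit(events, hitcount, seconds):
    """Return connects beyond `hitcount` per `seconds` per IP (simplified model)."""
    recent, ports, excess = defaultdict(deque), set(), []
    for ts, ip, port in events:
        if (ip, port) in ports:  # same TCP connection, just another auth try
            continue
        ports.add((ip, port))
        window = recent[ip]
        while window and (ts - window[0]).total_seconds() > seconds:
            window.popleft()  # forget connects older than the window
        if len(window) >= hitcount:
            excess.append((ts, ip, port))  # the firewall should have dropped this
        window.append(ts)  # blocked attempts still refresh the list
    return excess

if __name__ == "__main__":
    rule = parse_rule(RULE)
    for ts, ip, port in over_limit(parse_log(LOG), rule["hitcount"], rule["seconds"]):
        print(f"{ts:%H:%M:%S} {ip}:{port} exceeds {rule['hitcount']} per {rule['seconds']}s")
```

Each quoted line has its own source port and sshd PID, so every line is a separate TCP connection; that is why the third connect onward counts against the limit here.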