SoulPatrol wrote:
Hello Robert,
On Saturday, December 01, 2001, 6:23:38 PM, you wrote:
michael.ryan@storm.ie wrote:
I just noticed the following entries in my firewall log:
Nov 23 19:44:11 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=16126 F=0x0000 T=246 SYN (#3)
Nov 23 19:47:21 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=28824 F=0x0000 T=246 SYN (#3)
Nov 23 19:47:58 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=9754 F=0x0000 T=246 SYN (#3)
Nov 23 19:51:35 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=38173 F=0x0000 T=246 SYN (#3)
eth0 is the external i/f ... does this indicate ssh connection attempts with spoofed IP source addresses? (I do have a machine on reserved IP address 192.168.1.4 but it can only establish connections to the firewall via eth1)
TIA Michael
Hi Michael,
you should enable ROUTE VERIFICATION
---snap----
echo "1" >> /proc/sys/net/ipv4/conf/<device>/rp_filter
^
|
|
What's that good for?
See "http://www.netcologne.de/~meberg/netfilter/Packet-Filtering-HOWTO.txt". Near the end you find the description.
Ciao ;-)
Robert
--end of snap--
Ciao ;-)
Robert Rottscholl - DE
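
An added example, not part of the original thread: a simplified model of the strict reverse-path check that rp_filter performs, run over log lines in the format Michael posted. The routing table, the sample lines and the address 203.0.113.10 (standing in for the redacted a.b.c.d) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Fields of an ipchains "Packet log" line that matter for this check.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
)

# Assumed routing table for the firewall in the thread: LAN behind eth1,
# everything else (default route) via eth0.
ROUTES = {"192.168.1.0/24": "eth1", "0.0.0.0/0": "eth0"}

# Constructed sample lines; 203.0.113.10 stands in for the redacted a.b.c.d.
SAMPLE_LOG = """\
Nov 23 19:44:11 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 203.0.113.10:22 L=40 S=0x00 I=16126 F=0x0000 T=246 SYN (#3)
Nov 23 19:45:02 kore kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4312 203.0.113.10:23 L=60 S=0x00 I=511 F=0x4000 T=52 SYN (#3)
Nov 23 19:46:40 kore kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.1.4:1045 192.168.1.1:22 L=60 S=0x00 I=77 F=0x4000 T=64 SYN (#1)
Nov 23 19:47:00 kore kernel: some unrelated kernel message
"""

def reverse_path_iface(src, routes=ROUTES):
    """Interface the host would use to reach src (longest-prefix match)."""
    best = None
    for cidr, iface in routes.items():
        net = ipaddress.ip_network(cidr)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def failed_reverse_path(log_text, routes=ROUTES):
    """Return (iface, src, dport) for input packets that arrived on an interface
    other than the one the source address routes back through."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m is None or m["chain"] != "input":
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address in the log line
        if reverse_path_iface(src, routes) != m["iface"]:
            hits.append((m["iface"], str(src), int(m["dport"])))
    return hits

if __name__ == "__main__":
    for hit in failed_reverse_path(SAMPLE_LOG):
        print("fails reverse-path check:", hit)
```

Only the first sample line is reported: its source address routes back through eth1 but the packet arrived on eth0, which is the mismatch rp_filter drops before the packet reaches the filter rules.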