Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] firewall log entries
  • From: Robert Rottscholl <lv426@xxxxxxxxxxxxxxx>
  • Date: Sat, 01 Dec 2001 18:23:38 +0100
  • Message-id: <3C09121A.4090107@xxxxxxxxxxxxxxx>


michael.ryan@xxxxxxxx wrote:

I just noticed the following entries in my firewall log:

Nov 23 19:44:11 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=16126 F=0x0000 T=246 SYN (#3)
Nov 23 19:47:21 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=28824 F=0x0000 T=246 SYN (#3)
Nov 23 19:47:58 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=9754 F=0x0000 T=246 SYN (#3)
Nov 23 19:51:35 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=38173 F=0x0000 T=246 SYN (#3)

eth0 is the external i/f ... does this indicate ssh connection attempts
with spoofed IP source addresses?
(I do have a machine on reserved IP address 192.168.1.4 but it can only
establish connections to the firewall via eth1)

TIA
Michael



Hi Michael,


you should enable ROUTE VERIFICATION
---snap----

echo "1" > /proc/sys/net/ipv4/conf/<device>/rp_filter

--end of snap--

Ciao ;-)

Robert Rottscholl - DE



