Why do they keep coming in even though I blocked them in iptables?
Posted by 문성민
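SSH access attempts like the ones below keep coming in.
So I blocked 61.153.56.43, but the log entries keep piling up.
-A INPUT -s 61.153.56.43 -j DROP
It is the same even after restarting the firewall...
I have not changed the port yet. Could there be some other reason?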
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Dec 2 05:11:27 www sshd[30751]: Invalid user out from 61.153.56.43
Dec 2 05:11:27 www sshd[30754]: input_userauth_request: invalid user out
Dec 2 05:11:27 www sshd[30751]: pam_unix(sshd:auth): check pass; user unknown
Dec 2 05:11:27 www sshd[30751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.153.56.43
Dec 2 05:11:27 www sshd[30751]: pam_succeed_if(sshd:auth): error retrieving information about user out
Dec 2 05:11:30 www sshd[30751]: Failed password for invalid user out from 61.153.56.43 port 59146 ssh2
Dec 2 05:11:30 www sshd[30754]: Received disconnect from 61.153.56.43: 11: Bye Bye
Dec 2 05:11:32 www sshd[30762]: Invalid user server from 61.153.56.43
Dec 2 05:11:32 www sshd[30765]: input_userauth_request: invalid user server
3 comments
Comment by ruo91
[root@yongbok ~]# echo 'sshd : 192.168.0.2 : ALLOW' >> /etc/hosts.allow
[root@yongbok ~]# echo 'sshd : ALL' >> /etc/hosts.deny
Try setting it up so that only the IP configured above can connect over ssh.
If you want the firewall to block automatically, the addresses below should be a useful reference.
http://www.sshguard.net/
http://www.sshguard.net/docs/setup/compile-install/
http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/
Comment by gurum
I highly recommend fail2ban....
Comment by gurum
-A INPUT -i eth0 -s 61.153.56.0/24 -j DROP
================================================
inetnum: 61.153.56.0 - 61.153.56.255
netname: QUZHOU-IDC-MOVIE
country: CN
descr: quzhou telecom, zhejiang
descr:
admin-c: XB61-AP
tech-c: CQ11-AP
status: ASSIGNED NON-PORTABLE
changed: auto-dbm@dcb.hz.zj.cn 20041204
mnt-by: MAINT-CN-CHINANET-ZJ-QZ
source: APNIC
role: CHINANET-ZJ Quzhou
address: No.1 Jiangbin Road(North),Quzhou,Zhejiang.324000
country: CN
phone: +86-570-3047163
fax-no: +86-570-3049169
e-mail: anti-spam@mail.qzptt.zj.cn
trouble: send spam reports to anti-spam@mail.qzptt.zj.cn
trouble: and abuse reports to anti-spam@mail.qzptt.zj.cn
trouble: Please include detailed information and times in UTC
admin-c: CH106-AP
tech-c: CH106-AP
nic-hdl: CQ11-AP
mnt-by: MAINT-CHINANET-ZJ
changed: master@dcb.hz.zj.cn 20031204
source: APNIC
person: xu bin
nic-hdl: XB61-AP
e-mail: anti-spam@mail.qzptt.zj.cn
address: NO.1 xi'an road,Quzhou,Zhejiang.Postcode:324000
phone: +86-570-8011879
country: CN
changed: auto-dbm@dcb.hz.zj.cn 20041204
mnt-by: MAINT-CN-CHINANET-ZJ-QZ
source: APNIC
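One thing to check when a `-A INPUT -s ... -j DROP` rule like the ones in this thread has no effect: iptables walks a chain top to bottom and stops at the first terminal match, and `-A` appends at the end, so an earlier ACCEPT for port 22 decides first. The Python check below is an added example, not code from the thread; the ruleset is constructed, the names `opt`, `could_match` and `first_match` are hypothetical, and the matcher is a simplified model of INPUT-chain evaluation.

```python
import ipaddress
import shlex

# Constructed iptables-save style rules (an assumption, not from the thread):
# the DROP was appended with -A, so it sits below the rule that accepts SSH.
SAMPLE_RULES = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 61.153.56.43 -j DROP
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def opt(tok, name, default=None):
    """Value that follows option `name` in a tokenised rule, or default."""
    return tok[tok.index(name) + 1] if name in tok else default


def could_match(tok, ip, dport):
    """True if the rule can match a NEW TCP connection from ip to dport."""
    lo, _, hi = opt(tok, "--dport", str(dport)).partition(":")
    states = opt(tok, "--state") or opt(tok, "--ctstate") or "NEW"
    return ("!" not in tok and opt(tok, "-i") != "lo"
            and ip in ipaddress.ip_network(opt(tok, "-s", "0.0.0.0/0"), strict=False)
            and opt(tok, "-p", "tcp") in ("tcp", "all")
            and int(lo) <= dport <= int(hi or lo)
            and "NEW" in states.split(","))


def first_match(rules, src, dport=22, chain="INPUT"):
    """Return (position in chain, target) of the first terminal rule hit, or None."""
    # Simplified: negated/loopback rules never match; user chains are not followed.
    ip, pos = ipaddress.ip_address(src), 0
    for tok in map(shlex.split, rules.splitlines()):
        if tok[:2] != ["-A", chain]:
            continue
        pos += 1
        if opt(tok, "-j") in TERMINAL and could_match(tok, ip, dport):
            return pos, opt(tok, "-j")
    return None


if __name__ == "__main__":
    # (3, 'ACCEPT'): the SSH ACCEPT wins, the DROP at position 5 is never reached.
    print(first_match(SAMPLE_RULES, "61.153.56.43"))
```

Feed it the `-A` lines from `iptables-save` to see which rule decides for a given source. If an ACCEPT comes first, insert the block at the top with `iptables -I INPUT 1 -s 61.153.56.43 -j DROP`, or move the line above the ACCEPT rules in the saved ruleset.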