[CentOS] Intrusion Attempt Prevension - iptables problems

Marko A. Jennings markobiz at bluegargoyle.com
Mon Jan 12 18:45:46 UTC 2009


On Mon, January 12, 2009 1:37 pm, James B. Byrne wrote:
> I have these rules in effect:
<snip>
> 1    DROP       all  --  202.14.0.0/24        anywhere
> 2    DROP       all  --  220.232.0.0/24       anywhere
<sniP>
>
> Note particularly line 2.
>
> Now, notwithstanding the above, I see this in my /var/log/secure file:
>
> Jan 12 13:36:02 inet01 sshd[16056]: Received disconnect from
> 220.232.152.137: 11: Bye Bye
> Jan 12 13:36:13 inet01 sshd[16062]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=avalon.aty-group.com
> user=root
> Jan 12 13:36:15 inet01 sshd[16062]: Failed password for root from
> 220.232.152.137 port 38722 ssh2
<snip>
>
> What is wrong with my IPTABLES rules that this connection is permitted?

Your netmask.  You might want to consider changing it to /16.

Marko



More information about the CentOS mailing list