[CentOS] firewall questions

Sun Jun 21 20:18:38 UTC 2020
John Pierce <jhn.pierce at gmail.com>

On Sun, Jun 21, 2020 at 12:33 PM Chuck Campbell <campbell at accelinc.com>
wrote:

> I'm running CentOS 7.8.2003, with firewalld.
>
> I was getting huge numbers of ssh attempts per day from a few specific
> ip blocks.
>
> The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24
> and 118.0.0.0/24,
>


so just 45.0.0.0 through 45.0.0.255 and not other 45.x.y blocks ?  ditto
your other networks?    sure you didn't mean /8 or another sized subnet on
there?

doing some whois,  the actual 45.0.0.0 block has a netmask of /15, which is
45.0.0.0 through 45.1.255.255, and belongs to Interop, the IT trade show.
45.2.0.0/16 belongs to Frontier Networks in Ontario, CA
45.3.0.0/19 belongs to Start Cable in Ontario
45.3.32.0/19 belongs to someone in Las Vegas.
45.3.64.0/18 belongs to Virginia Polytechnic
45.3.128.0/17 belongs to Charter Cable (formerly Bright House Networks)
45.4.0.0/14 is LANIC, and further diced into a multitude of Latin America
networks.
45.8.0.0/13 is RIPE, and diced into various European networks.
etc etc etc.


anyways, I didn't see your rules explicitly blocking 22/tcp, which is ssh...

-- 
-john r pierce
  recycling used bits in santa cruz
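
Added example, not part of the original message: a check of which failed-ssh source addresses the quoted /24 rules actually cover, and how that changes if the same base addresses are read as /15 or /8. The log lines, the regex and the function names are constructed for illustration.

```python
import ipaddress
import re

# Blocks exactly as quoted in the original message.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "45.0.0.0/24", "49.0.0.0/24", "51.0.0.0/24", "111.0.0.0/24", "118.0.0.0/24")]

# Constructed sshd log lines (sample data, not real traffic).
SAMPLE_LOG = """\
Jun 21 12:01:02 host sshd[1001]: Failed password for root from 45.0.0.17 port 40022 ssh2
Jun 21 12:01:05 host sshd[1002]: Failed password for invalid user admin from 45.3.70.9 port 51514 ssh2
Jun 21 12:01:09 host sshd[1003]: Failed password for root from 49.88.112.5 port 33810 ssh2
Jun 21 12:01:11 host sshd[1004]: Failed password for root from 118.0.0.200 port 60100 ssh2
"""

SRC_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) ")

def block_range(net):
    """First and last address covered by a network."""
    return str(net.network_address), str(net.broadcast_address)

def coverage(log_text, blocked=BLOCKED):
    """Map each failed-login source IP to the blocked network containing it, or None."""
    result = {}
    for m in SRC_RE.finditer(log_text):
        ip = ipaddress.ip_address(m.group(1))
        hit = next((n for n in blocked if ip in n), None)
        result[str(ip)] = str(hit) if hit else None
    return result

def widened(blocked, prefix):
    """Same base addresses with a shorter prefix, e.g. 8 for the /8 asked about.
    Per the whois notes in the message, such a range spans many unrelated owners."""
    return [n.supernet(new_prefix=prefix) for n in blocked]

if __name__ == "__main__":
    for net in BLOCKED:
        print(net, "covers", *block_range(net), f"({net.num_addresses} addresses)")
    for ip, hit in coverage(SAMPLE_LOG).items():
        print(ip, "->", hit or "not covered by any /24 rule")
    print("as /8:", coverage(SAMPLE_LOG, widened(BLOCKED, 8)))
```
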