iptables isn't blocking IP

Kevin Old kevinold at gmail.com
Fri Jan 21 14:35:26 UTC 2005


Hello everyone,

My Logwatch report this morning is below.  It appears that IP
218.145.54.195 has attempted to connect to my SSH daemon 500 times. 
I'm confused at how that can be as I added that IP several days ago to
the iptables

/sbin/iptables -I OC -s 218.145.54.195 -j DROP

and a /iptables -L OC shows that he's in there.

--------------------- pam_unix Begin ------------------------ 

vsftpd:
   Unknown Entries:
      check pass; user unknown: 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=198.92.120.65 : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=81.112.95.146 : 1 Time(s)

sshd:
   Invalid Users:
      Unknown Account: 764 Time(s)
   Authentication Failures:
      unknown (sig214.gsig-net.qc.ca ): 227 Time(s)
      unknown (218.145.54.195 ): 500 Time(s)
      unknown (207.139.143.214 ): 1 Time(s)
      unknown (222.122.60.42 ): 36 Time(s)

 ---------------------- pam_unix End ------------------------- 

Any ideas why he'd be getting through the cracks?

Thanks,
Kevin
-- 
Kevin Old
kevinold at gmail.com



