Iptables version is 1.3.5
This is from the config file
Code:
TOOL='/sbin/iptables'
# flush tables
$TOOL -F INPUT
$TOOL -F OUTPUT
$TOOL -F FORWARD
$TOOL -t nat -F PREROUTING
$TOOL -t nat -F POSTROUTING
# default policies
$TOOL -P INPUT DROP
$TOOL -P OUTPUT DROP
$TOOL -P FORWARD ACCEPT
# ppp0
$TOOL -A INPUT -s 116.10.191.0/24 -j DROP
$TOOL -A INPUT -s 222.163.192.0/24 -j DROP
$TOOL -A INPUT -s 86.101.234.0/24 -j DROP
$TOOL -A INPUT -s 61.171.0.0/24 -j DROP
$TOOL -A INPUT -s 139.182.22.0/24 -j DROP
$TOOL -A INPUT -s 183.60.20.0/24 -j DROP
$TOOL -A INPUT -s 61.174.0.0/24 -j DROP
$TOOL -A INPUT -s 113.193.0.0/24 -j DROP
$TOOL -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$TOOL -A INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 2 -j ACCEPT
$TOOL -A INPUT -p tcp --dport 22 --syn -j DROP
Code:
Chain INPUT (policy DROP 9728 packets, 654K bytes)
pkts bytes target prot opt in out source destination
121 4840 DROP all -- * * 116.10.191.0/24 0.0.0.0/0
170 10200 DROP all -- * * 222.163.192.0/24 0.0.0.0/0
198 11880 DROP all -- * * 86.101.234.0/24 0.0.0.0/0
0 0 DROP all -- * * 61.171.0.0/24 0.0.0.0/0
0 0 DROP all -- * * 139.182.22.0/24 0.0.0.0/0
0 0 DROP all -- * * 183.60.20.0/24 0.0.0.0/0
0 0 DROP all -- * * 61.174.0.0/24 0.0.0.0/0
0 0 DROP all -- * * 113.193.0.0/24 0.0.0.0/0
699K 363M ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
461 23176 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02 limit: avg 1/min burst 2
854 46608 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02
Code:
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
avahi (125.210.216.25): 5 Time(s)
root (93-63-173-228.ip28.fastwebnet.it): 5 Time(s)
root (61.174.50.216): 3 Time(s)
root (61.174.50.224): 3 Time(s)
root (61.174.51.211): 3 Time(s)
unknown (a141.sub94.net78.udm.net): 3 Time(s)
root (60.173.11.113): 2 Time(s)
root (61.174.51.204): 2 Time(s)
root (61.174.51.216): 2 Time(s)
unknown (115.146.121.243): 2 Time(s)
unknown (182.79.235.9): 2 Time(s)
unknown (221.179.89.90): 2 Time(s)
unknown (61.174.50.224): 2 Time(s)
gopher (125.210.216.25): 1 Time(s)
root (211.140.18.59): 1 Time(s)
root (61.174.51.209): 1 Time(s)
root (61.174.51.233): 1 Time(s)
root (mail.blackpeony.com): 1 Time(s)
unknown (61.174.51.204): 1 Time(s)
unknown (61.174.51.233): 1 Time(s)
unknown (93-63-173-228.ip28.fastwebnet.it): 1 Time(s)
unknown (mail.blackpeony.com): 1 Time(s)
Invalid Users:
Unknown Account: 23 Time(s)
---------------------- pam_unix End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
admin : 4 Time(s)
root : 14 Time(s)
Failed logins from:
58.241.61.162 (mail.blackpeony.com): 1 time
60.173.11.113: 2 times
61.174.50.216 (216.50.174.61.dial.wz.zj.dynamic.163data.com.cn): 3 times
61.174.50.224 (224.50.174.61.dial.wz.zj.dynamic.163data.com.cn): 3 times
61.174.51.204 (204.51.174.61.dial.wz.zj.dynamic.163data.com.cn): 2 times
61.174.51.209 (209.51.174.61.dial.wz.zj.dynamic.163data.com.cn): 1 time
61.174.51.211 (211.51.174.61.dial.wz.zj.dynamic.163data.com.cn): 3 times
61.174.51.216 (216.51.174.61.dial.wz.zj.dynamic.163data.com.cn): 2 times
61.174.51.233 (233.51.174.61.dial.wz.zj.dynamic.163data.com.cn): 2 times
93.63.173.228 (93-63-173-228.ip28.fastwebnet.it): 5 times
125.210.216.25: 6 times
211.140.18.59: 1 time
Illegal users from:
58.241.61.162 (mail.blackpeony.com): 1 time
61.174.50.224 (224.50.174.61.dial.wz.zj.dynamic.163data.com.cn): 6 times
61.174.51.204 (204.51.174.61.dial.wz.zj.dynamic.163data.com.cn): 3 times
61.174.51.233 (233.51.174.61.dial.wz.zj.dynamic.163data.com.cn): 3 times
78.85.94.141 (a141.sub94.net78.udm.net): 3 times
93.63.173.228 (93-63-173-228.ip28.fastwebnet.it): 1 time
115.146.121.243: 2 times
182.79.235.9: 2 times
221.179.89.90: 2 times
Any ideas would be appreciated.
Kevin.
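
A check that can be run on the data in this post, added here as an example and not part of the original post: it tests each "Failed logins from" address in the logwatch report against the source networks of the DROP rules in the config. The function names are made up for this example; the networks and addresses are copied from the post.

```python
import ipaddress

# Source networks from the -j DROP rules in the posted config.
DROP_RULES = [
    "116.10.191.0/24", "222.163.192.0/24", "86.101.234.0/24", "61.171.0.0/24",
    "139.182.22.0/24", "183.60.20.0/24", "61.174.0.0/24", "113.193.0.0/24",
]

# "Failed logins from" addresses copied from the posted logwatch report.
FAILED_LOGINS = [
    "58.241.61.162", "60.173.11.113", "61.174.50.216", "61.174.50.224",
    "61.174.51.204", "61.174.51.209", "61.174.51.211", "61.174.51.216",
    "61.174.51.233", "93.63.173.228", "125.210.216.25", "211.140.18.59",
]


def matching_rule(ip, rules=DROP_RULES):
    """Return the first DROP network containing ip, or None if no rule matches."""
    addr = ipaddress.ip_address(ip)
    for cidr in rules:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None


def uncovered(ips, rules=DROP_RULES):
    """Addresses that no DROP rule matches, so they still reach the SSH rules."""
    return [ip for ip in ips if matching_rule(ip, rules) is None]


def smallest_cover(ips):
    """Smallest single network containing every address in ips."""
    addrs = [int(ipaddress.ip_address(ip)) for ip in ips]
    diff = min(addrs) ^ max(addrs)  # bits that vary across the set
    prefix = 32 - diff.bit_length()
    return ipaddress.ip_network((min(addrs), prefix), strict=False)


if __name__ == "__main__":
    rule = ipaddress.ip_network("61.174.0.0/24")
    print(f"{rule} spans {rule[0]} - {rule[-1]}")
    for ip in FAILED_LOGINS:
        print(f"{ip:<16} {matching_rule(ip) or 'no DROP rule matches'}")
    seen = [ip for ip in uncovered(FAILED_LOGINS) if ip.startswith("61.174.")]
    print("smallest network covering the 61.174.x.x sources:", smallest_cover(seen))
```

A /24 matches only addresses that share its first three octets, which is why the 61.174.0.0/24 rule shows 0 packets while the report lists sources in 61.174.50.x and 61.174.51.x.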