  1. #1
    Just Joined!
    Join Date
    Nov 2012
    Posts
    1

    Audit Log puzzle


    Hi,

    Just trying to make sense of some entries in our audit.log - One of our Asterisk servers has been subject to a brute force attack on SSH. Our SSH port is not open to the public but rather only reachable through LAN and a specific public IP. The problem we're facing is that the audit.log is showing loads of failed login attempts (brute force attack) from different public IPs but public IPs are not allowed to connect via SSH based on iptables - So how can this be?

    Glad if someone can shed some light onto this. In the meantime we're just going to implement something like fail2ban to dynamically block the IPs.

    Thanks

  2. #2
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    678
    Hi there,

    It seems very unlikely that ssh would make things up, so that suggests your iptables isn't configured correctly.

    If you want to post the iptables config then we might be able to spot the gap.

    Let us know how you get on.
    To be good, you must first be bad. "Newbie" is a rank, not a slight.
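
One way to narrow down the puzzle in this thread, as an added example that is not part of either post: split the failed sshd logins in audit.log by whether their source address is one the firewall is meant to allow. The allowed LAN range, the permitted public IP, the log lines and the key=value record layout are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: sources the firewall is meant to allow (LAN range plus the one
# permitted public IP). Both values are constructed placeholders.
ALLOWED = [ipaddress.ip_network("192.168.1.0/24"),
           ipaddress.ip_network("198.51.100.10/32")]

# Constructed sample lines in the audit.log record layout (not real data).
SAMPLE_LOG = """\
type=USER_LOGIN msg=audit(1353400001.101:501): user pid=2201 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.7 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1353400003.412:502): user pid=2204 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.7 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1353400009.007:503): user pid=2209 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.44 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1353400015.300:504): user pid=2215 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="pbx" exe="/usr/sbin/sshd" hostname=? addr=192.168.1.20 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1353400020.550:505): user pid=2220 uid=0 auid=500 ses=12 msg='op=login acct="ops" exe="/usr/sbin/sshd" hostname=? addr=198.51.100.10 terminal=ssh res=success'
type=CRED_ACQ msg=audit(1353400021.000:506): user pid=2220 uid=0 auid=500 ses=12 msg='op=PAM:setcred acct="ops" exe="/usr/sbin/sshd" hostname=? addr=198.51.100.10 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1353400030.900:507): user pid=2231 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=? terminal=ssh res=failed'
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|[^\s,)]+)')

def parse_record(line):
    """Return the key=value fields of one audit record as a dict."""
    return {k: v.strip("\"'") for k, v in FIELD.findall(line)}

def failed_ssh_sources(log_text):
    """Count failed sshd logins per source: (allowed sources, all others)."""
    expected, unexpected = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        # Only USER_LOGIN is counted so one attempt is not counted twice.
        if rec.get("type") != "USER_LOGIN":
            continue
        if not rec.get("exe", "").endswith("sshd") or rec.get("res") != "failed":
            continue
        try:
            addr = ipaddress.ip_address(rec.get("addr", ""))
        except ValueError:
            continue  # addr=? or missing: no usable source address
        bucket = expected if any(addr in net for net in ALLOWED) else unexpected
        bucket[str(addr)] += 1
    return expected, unexpected

if __name__ == "__main__":
    expected, unexpected = failed_ssh_sources(SAMPLE_LOG)
    print("failed logins from allowed sources:    ", dict(expected))
    print("failed logins from sources not allowed:", dict(unexpected))
```

Any address in the second counter reached sshd, which fits the reply's point that the iptables rules are not filtering the way they were intended to.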
