- 11-15-2012 #1
- Join Date
- Nov 2012
Audit Log puzzle
Just trying to make sense of some entries in our audit.log - One of our Asterisk servers has been subject to a brute force attack on SSH. Our SSH port is not open to the public but rather only reachable through LAN and a specific public IP. The problem we're facing is that the audit.log is showing loads of failed login attempts (brute force attack) from different public IPs but public IPs are not allowed to connect via SSH based on iptables - So how can this be?
Glad if someone can shed some light onto this. In the meantime we're just going to implement something like fail2ban to dynamically block the IPs.
- 11-15-2012 #2
- Join Date
- Apr 2004
It seems very unlikely that ssh would make things up, so that suggests your iptables isn't configured correctly.
If you want to post the iptables config then we might be able to spot the gap.
Let us know how you get on.
To be good, you must first be bad. "Newbie" is a rank, not a slight.
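Added example, not part of either post: a small triage script that lists failed sshd logins in audit.log whose source address falls outside the sources the firewall is supposed to allow. Any hit means the connection reached sshd, so the rules on that path need reviewing. The allowed networks, the sample records and the function name are assumptions made up for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed policy from the question: SSH only from the LAN and one public IP.
# Both values are placeholders (private and documentation ranges).
ALLOWED_SOURCES = [ipaddress.ip_network("192.168.1.0/24"),
                   ipaddress.ip_network("198.51.100.10/32")]

# Constructed sample records in Linux audit.log style (older and newer layouts).
SAMPLE_LOG = """\
type=USER_LOGIN msg=audit(1352970001.101:501): user pid=4100 uid=0 auid=4294967295 msg='acct="root": exe="/usr/sbin/sshd" (hostname=?, addr=203.0.113.7, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1352970003.214:502): user pid=4102 uid=0 auid=4294967295 msg='acct="admin": exe="/usr/sbin/sshd" (hostname=?, addr=203.0.113.7, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1352970009.870:503): pid=4110 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="admin" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.44 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1352970015.020:504): user pid=4121 uid=0 auid=4294967295 msg='acct="pbx": exe="/usr/sbin/sshd" (hostname=?, addr=192.168.1.23, terminal=sshd res=failed)'
type=USER_LOGIN msg=audit(1352970020.555:505): user pid=4130 uid=0 auid=500 msg='acct="pbx": exe="/usr/sbin/sshd" (hostname=?, addr=198.51.100.10, terminal=sshd res=success)'
type=USER_LOGIN msg=audit(1352970031.002:506): user pid=4140 uid=0 auid=4294967295 msg='acct="root": exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=failed)'
"""

ADDR_RE = re.compile(r"\baddr=([0-9A-Fa-f:.]+)")
EXE_RE = re.compile(r'exe="([^"]+)"')


def unexpected_ssh_failures(log_text, allowed=ALLOWED_SOURCES):
    """Count failed sshd logins per source address outside the allowed networks."""
    hits = Counter()
    for line in log_text.splitlines():
        if "res=failed" not in line:
            continue
        exe = EXE_RE.search(line)
        if not exe or not exe.group(1).endswith("/sshd"):
            continue  # console or other non-SSH login failures
        match = ADDR_RE.search(line)
        if not match:
            continue  # addr=? carries no source address
        try:
            src = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        if not any(src.version == net.version and src in net for net in allowed):
            hits[str(src)] += 1
    return hits


if __name__ == "__main__":
    for addr, count in unexpected_ssh_failures(SAMPLE_LOG).most_common():
        print(f"{addr}\t{count} failed sshd logins from a source the policy should block")
```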