thewisperer
Premium
join:2008-01-16

ssh off in 450G but still login attempts

I have SSH off in IP > Services, but when I look at

IP > Firewall > Address List I see a number of attempts that have been put on a blacklist by a script I have, and it shows

"Black list (SSH)" and the IP address.

The only things left in Services are

winbox 8291
www 80

How does that happen, and is there any way to block those attempts better?
Right now they go to stage 1, 2, 3 and blacklist.

thanks

bburley

join:2010-04-30
Cold Lake, AB

1 edit

Add the following to /ip firewall filter before any rules that detect SSH logins.


add chain=input action=drop protocol=tcp dst-port=22


Because your SSH service is not running, your script is detecting a failed login and still doing its job. With a filter rule that drops any packet on SSH port 22, the script or the router will never see it.

The input chain is only for packets directed at the router itself. This will not affect the forward chain.

The only advantage to leaving it the way it is, is that you get to see a log of IPs that are trying. Since they are likely running scripts, every IP address on the Internet will probably see these attempts.
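A fuller version of the ordering bburley describes, written as an added example (not configuration from this thread or any of its posters): the unconditional SSH drop sits above an assumed reconstruction of the "stage 1, 2, 3 and blacklist" rules, and the list names, timeouts and comments are placeholders.

```routeros
# Added example, not from the thread. List names, timeouts and comment
# strings are assumptions; adjust them to match the existing script.

# Confirm the starting point: the SSH service itself is disabled.
/ip service
print where name=ssh

/ip firewall filter
# 1. Drop first. Filter rules are evaluated top-down, so nothing below
#    ever sees a port-22 packet, the staged lists stop filling and the
#    router sends no reply at all. chain=input only touches traffic
#    addressed to the router; forwarded traffic is unaffected.
add chain=input protocol=tcp dst-port=22 action=drop \
    comment="SSH disabled: drop first"

# 2. The staged detection rules (assumed form of the existing script).
#    They are harmless to keep for the day SSH is re-enabled; with the
#    drop above them they never match.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=drop comment="SSH: drop blacklisted"
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=10d
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m

# On a router that already has the staged rules, add only rule 1 and
# move it to the top of the chain instead:
# move [find comment="SSH disabled: drop first"] destination=0

# 3. Verify: only the first rule's packet counter should climb, and no
#    new entries should appear in the blacklist.
print stats where dst-port=22
/ip firewall address-list
print where list=ssh_blacklist
```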



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:4

reply to thewisperer
As bburley says, you need to have the firewall "ignore" SSH-related packets by dropping them on the floor when they come in.

To put it a slightly different way, you've disabled the service, but the firewall is still configured to accept and process packets before it will try and send them onwards to the host itself, at which point there is no service to receive the packet, so it will generate some kind of message back in response (like ICMP port unreachable or some such).


thewisperer
Premium
join:2008-01-16

reply to thewisperer
thank you both: learning every day!



Inssomniak
The Glitch
Premium
join:2005-04-06
Cayuga, ON
kudos:1

reply to TomS_

said by TomS_:

As bburley says, you need to have the firewall "ignore" SSH related packets by dropping them on the floor when they come in.

That's messy. He should drop them into a bucket. Then empty the bucket periodically outside.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca

gunther_01
Premium
join:2004-03-29
Saybrook, IL

reply to thewisperer
Or you can just leave it be and not do anything..
--
»www.wirelessdatanet.net



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:4

reply to Inssomniak
That too.


Monday, 20-May 10:45:30 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.