There was a problem after the reboot. I should have checked that first.
Bruno Wolff III wrote:
On Mon, Jul 24, 2006 at 09:24:18 -0500,
"[email protected]" <[email protected]> wrote:
At one of my customers sites I have iptables configured to drop all ssh
packets unless they originate from one of two addresses. However in
logwatch, I had login attempts though SSH.
Illegal users from:
18.104.22.168: 6 times
Now the address above is not one on the allowed list. Is it possible that
they were able to get past iptables to attempt the login?
It would probably help if you posted your iptables rule set.
You might also check and make sure that they are actually installed, in
case something went wrong after a reboot.