At 11:44 AM +0200 5/27/07, Harald Hoyer (slash) wrote:
>Hello,
>
>I have received this from my logwatch mail:
>
>------- iptables firewall Begin --------
>
> Logged 171 packets on interface eth0
> From 137.227.xxx.xxx - 171 packets to tcp(N1,N2,N3,...,Nn)
>----------------------------------
>
>The problem is that I don't trust the IP and I don't know how to avoid it.
>
>Any idea?

Well, there will be an almost unbounded number of IPs that attack you, so banning them one at a time will only be satisfying for a little while. You might want to use something like fail2ban.

First off, you want to get more detail about the IPs and what iptables did with their packets from the raw log file; probably `less /var/log/messages` and then "/137\.227\." RETURN, followed by "n" to search down and "N" to search up, and "q" to quit.

Once you have more idea of what they're trying to do and what iptables did you can decide if there is anything more that needs to be done. If iptables is already dropping the packets, that's fine. If there were 171 attempts to log into SSH or FTP you might start to have some concern, and try fail2ban or the sshattack iptables rules that have been in the thread "I love IP Tables".
-- 
____________________________________________________________________
TonyN.:' <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
 ' <http://www.georgeanelson.com/>
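
The log inspection described above, as an added example that is not part of the original message: a shell function that tallies the iptables LOG lines from one source prefix by rule label, protocol and destination port. The sample lines are constructed, use documentation addresses, and the `--log-prefix` labels `SSH-DROP:` and `FTP-LOG:` are assumptions.

```shell
#!/bin/sh
# Added example. Usage: summarize_src PREFIX [FILE...]  (stdin if no FILE)
# Assumes syslog lines written by the iptables LOG target, with fields
# such as SRC=, PROTO= and DPT=, and an optional --log-prefix after "kernel: ".
summarize_src() {
    pfx=$1; shift
    awk -v pfx="$pfx" '
    / SRC=/ {
        src = ""; proto = "?"; dpt = "-"; tag = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (index(src, pfx) != 1) next      # literal prefix match on SRC
        # The rule label is whatever sits between "kernel: " and "IN=".
        a = index($0, "kernel: "); b = index($0, "IN=")
        if (a && b > a + 8) tag = substr($0, a + 8, b - a - 8)
        sub(/^\[[ 0-9.]+\] */, "", tag)     # drop a kernel timestamp, if any
        sub(/ +$/, "", tag)
        if (tag == "") tag = "(no prefix)"
        count[tag " " proto "/" dpt]++
    }
    END { for (key in count) printf "%d %s\n", count[key], key }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample log (documentation address ranges, made-up labels).
sample_log() {
    cat <<'EOF'
May 27 03:12:01 fw kernel: SSH-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=22 SYN
May 27 03:12:02 fw kernel: SSH-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=22 SYN
May 27 03:12:03 fw kernel: SSH-DROP: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=22 SYN
May 27 03:12:09 fw kernel: FTP-LOG: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40100 DPT=21 SYN
May 27 03:12:10 fw kernel: FTP-LOG: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40101 DPT=21 SYN
May 27 03:12:15 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=71 TTL=52 PROTO=UDP SPT=5353 DPT=53
May 27 03:12:20 fw kernel: SSH-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=22 SYN
May 27 03:13:00 fw sshd[123]: Failed password for invalid user test from 192.0.2.10 port 40001 ssh2
EOF
}

sample_log | summarize_src 192.0.2.
```

The LOG target records only that a rule matched, so the label is the one hint in the log of what happened to the packet; against a real log, pass the file as the second argument, for example `summarize_src 137.227. /var/log/messages`.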