29th October 2012
sparky
SSH is being blocked from WAN however public IP shown in server log

Hi,

I'm running OpenBSD 5.1 stable on an old SPARC system as a router/firewall/NAT.

The system runs PPPoE through an external DSL modem.

For some reason my log showed up with:

Code:
sshd[1990]: Invalid user voip from 70.60.152.98
on my FreeBSD server. This system has SSH completely locked down so I'm not too worried about access that way.


However, what I am concerned about is that someone managed to SSH in???


I have a rule in place to block anyone from outside getting in via packet filter:

Code:
block return in quick on tun0 proto tcp from any to any port = 22
so I don't understand how something like this could happen?

Before that rule I have these in place:

Code:
block return in log all
block return out log all
block return in quick from urpf-failed to any
It's almost as though someone managed to sneak their way into the system by using other means, though I am using Stateful Packet Inspection for everything going out and coming in??

Or is the rule not properly constructed?

Should it say:

Code:
block in on tun0 proto tcp from any to any port = 22
instead?

Could someone help me out?

I need to figure out some way to lock the router and the internal network down completely so things like this don't happen again.

Thanks