SSH is being blocked from WAN however public IP shown in server log
I'm running OpenBSD 5.1 stable on an old SPARC system as a router/firewall/NAT.
The system runs PPPoE through an external DSL modem.
For some reason my log showed up with:
sshd: Invalid user voip from 18.104.22.168
However, what I am concerned about is that someone managed to SSH in???
I have a rule in place to block anyone from outside getting in via packet filter:
block return in quick on tun0 proto tcp from any to any port = 22
Before that rule I have these in place:
block return in log all block return out log all block return in quick from urpf-failed to any
Or is the rule not properly constructed?
Should it say:
block in on tun0 proto tcp from any to any port = 22
Could someone help me out?
I need to figure out some way to lock the router and the internal network down completely so things like this don't happen again.
|Thread||Thread Starter||Forum||Replies||Last Post|
|Microsoft warns of IE flaw, turns PC into public file server||J65nko||News||0||4th February 2010 11:21 PM|
|secure ssh with public key||milo974||OpenBSD Security||11||9th July 2008 04:52 PM|
|Apache on two servers but one public IP||marco64||General software and network||2||4th June 2008 07:29 PM|
|OS to run in a public computer?||Sunnz||Off-Topic||31||23rd May 2008 05:47 PM|