DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 29th October 2012
sparky's Avatar
sparky sparky is offline
Fdisk Soldier
 
Join Date: Mar 2012
Posts: 73
Thanked 0 Times in 0 Posts
Default SSH is being blocked from WAN however public IP shown in server log

Hi,

I'm running OpenBSD 5.1 stable on an old SPARC system as a router/firewall/NAT.

The system runs PPPoE through an external DSL modem.

For some reason my log showed up with:

Code:
sshd[1990]: Invalid user voip from 70.60.152.98
on my FreeBSD server. This system is has SSH completely locked down so I'm not too worried about access that way.


However, what I am concerned about is that someone managed to SSH in???


I have a rule in place to block anyone from outside getting in via packet filter:

Code:
block return in quick on tun0 proto tcp from any to any port = 22
so I don't understand how something like this could happen?

Before that rule I have these in place:

Code:
block return in log all
block return out log all
block return in quick from urpf-failed to any
It's almost as though someone managed to sneak their way into the system by using other means though am using Stateful Packet Inspection for everything going out and coming in??

Or is the rule not properly constructed?

Should it say:

Code:
block in on tun0 proto tcp from any to any port = 22
instead?

Could someone help me out?

I need to figure out some way to lock the router and the internal network down completely so things like this don't happen again.

Thanks
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft warns of IE flaw, turns PC into public file server J65nko News 0 4th February 2010 11:21 PM
secure ssh with public key milo974 OpenBSD Security 11 9th July 2008 04:52 PM
Apache on two servers but one public IP marco64 General software and network 2 4th June 2008 07:29 PM
OS to run in a public computer? Sunnz Off-Topic 31 23rd May 2008 05:47 PM


All times are GMT. The time now is 07:44 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick