help - under attack

Mike Tancsa mike at sentex.net
Sun Oct 1 17:11:15 UTC 2017


On 10/1/2017 11:18 AM, Ernie Luzar wrote:
> Hello list;
> 
> Installed 11.1 from scratch and after about 2-3 weeks I finally got
> around to inspecting the /var/logs. I have never seen the auth.log file
> roll over before, so this piqued my interest. It was full of failed
> login attempts. My firewall blocks all inbound traffic, so I am very
> baffled by what I see in the log. Any suggestions on how this can be
> happening?

Is your firewall your default gateway on the FreeBSD box?

Run tcpdump with the -e option as well to see what MAC address is
forwarding the traffic.  So if you have igb0 as the NIC with the default
gateway:

tcpdump -nei igb0 -c 20 port 22

then use arp -na to match the IP address to the MAC address to confirm
it is the host forwarding traffic you think it is. Also double check
your firewall to make sure the rules are working as you expect.

	---Mike



-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
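
An added example, not part of Mike's message: a small sh function that automates the correlation he describes, counting the source MACs on frames addressed to port 22 in saved `tcpdump -nei` output and looking each one up in saved `arp -na` output. The sample capture and ARP table are constructed (documentation IP ranges, made-up MACs), `map_forwarders` is a hypothetical helper name, and untagged IPv4-over-Ethernet frames are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data is constructed:
# documentation IP ranges and made-up MAC addresses.

sample_arp() {   # shaped like FreeBSD `arp -na` output
cat <<'EOF'
? (192.0.2.1) at 00:0d:b9:aa:bb:01 on igb0 expires in 1171 seconds [ethernet]
? (192.0.2.254) at 00:1b:21:cc:dd:02 on igb0 expires in 905 seconds [ethernet]
? (192.0.2.10) at 00:25:90:ee:ff:10 on igb0 permanent [ethernet]
EOF
}

sample_dump() {  # shaped like `tcpdump -nei igb0 port 22` output
cat <<'EOF'
17:05:01.100001 00:1b:21:cc:dd:02 > 00:25:90:ee:ff:10, ethertype IPv4 (0x0800), length 74: 198.51.100.23.40112 > 192.0.2.10.22: Flags [S], seq 1, win 29200, length 0
17:05:01.100090 00:25:90:ee:ff:10 > 00:1b:21:cc:dd:02, ethertype IPv4 (0x0800), length 74: 192.0.2.10.22 > 198.51.100.23.40112: Flags [S.], seq 9, ack 2, win 65535, length 0
17:05:02.200001 00:1b:21:cc:dd:02 > 00:25:90:ee:ff:10, ethertype IPv4 (0x0800), length 74: 203.0.113.77.51514 > 192.0.2.10.22: Flags [S], seq 5, win 29200, length 0
17:05:03.300001 00:0d:b9:aa:bb:01 > 00:25:90:ee:ff:10, ethertype IPv4 (0x0800), length 74: 198.51.100.99.50022 > 192.0.2.10.22: Flags [S], seq 7, win 65535, length 0
EOF
}

# map_forwarders ARP_FILE DUMP_FILE
# Prints "<frames> <source-mac> <neighbour-ip|unknown>" for every frame
# addressed to port 22, busiest source MAC first. A MAC that is not your
# firewall's is the host that is really delivering the SSH traffic.
map_forwarders() {
    awk '
        NR == FNR {                     # first file: the ARP table
            if ($3 == "at") { ip = $2; gsub(/[()]/, "", ip); ip_of[tolower($4)] = ip }
            next
        }
        # second file: the capture; keep only frames whose destination port is 22
        $3 == ">" && $11 == ">" && $12 ~ /\.22:$/ { seen[tolower($2)]++ }
        END {
            for (mac in seen)
                print seen[mac], mac, ((mac in ip_of) ? ip_of[mac] : "unknown")
        }
    ' "$1" "$2" | sort -rn
}

# Demo on the constructed data. On the live host, feed it the two commands
# from the message instead:
#   arp -na > arp.txt; tcpdump -nei igb0 -c 20 port 22 > dump.txt
tmp=$(mktemp -d) && sample_arp > "$tmp/arp" && sample_dump > "$tmp/dump"
map_forwarders "$tmp/arp" "$tmp/dump"
rm -rf "$tmp"
```
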

