Re: firewall questions




On Sun, Jun 21, 2020 at 12:33 PM Chuck Campbell <campbell@xxxxxxxxxxxx>
wrote:

> I'm running CentOS 7.8.2003, with firewalld.
>
> I was getting huge numbers of ssh attempts per day from a few specific
> IP blocks.
>
> The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24
> and 118.0.0.0/24,
>


so just 45.0.0.0 through 45.0.0.255 and not other 45.x.y blocks ?  ditto
your other networks?    sure you didn't mean /8 or another sized subnet on
there?

doing some whois,  the actual 45.0.0.0 block has a netmask of /15, which is
45.0.0.0 through 45.1.255.255, and belongs to Interop, the IT trade show.
45.2.0.0/16 belongs to Frontier Networks in Ontario, CA
45.3.0.0/19 belongs to Start Cable in Ontario
45.3.32.0/19 belongs to someone in Las Vegas.
45.3.64.0/18 belongs to Virginia Polytechnic
45.3.128.0/17 belongs to Charter Cable (formerly Bright House Networks)
45.4.0.0/14 is LANIC, and further diced into a multitude of Latin America
networks.
45.8.0.0/13 is RIPE, and diced into various European networks.
etc etc etc.


anyways, I didn't see your rules explicitly blocking 22/tcp, which is ssh...

-- 
-john r pierce
  recycling used bits in santa cruz
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
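
Added example, not part of the original message: a Python check of how much address space the blocks listed in the thread actually cover, comparing the /24 masks as written with the /8 size the reply asks about. The sshd log lines are constructed for illustration (not real traffic), and the function names are hypothetical.

```python
import ipaddress
import re

# Blocks exactly as quoted in the thread.
LISTED = ["45.0.0.0/24", "49.0.0.0/24", "51.0.0.0/24", "111.0.0.0/24", "118.0.0.0/24"]

# Constructed sshd log lines for illustration only; not observed traffic.
SAMPLE_LOG = """\
Jun 21 03:12:01 host sshd[1201]: Failed password for root from 45.0.0.17 port 40122 ssh2
Jun 21 03:12:09 host sshd[1203]: Failed password for invalid user admin from 45.9.20.5 port 51514 ssh2
Jun 21 03:13:44 host sshd[1210]: Failed password for root from 49.88.112.1 port 33210 ssh2
Jun 21 03:14:02 host sshd[1215]: Failed password for root from 118.0.0.200 port 60001 ssh2
Jun 21 03:15:30 host sshd[1222]: Failed password for invalid user test from 111.229.1.2 port 42424 ssh2
"""

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port"
)


def span(cidr):
    """Return (first address, last address, address count) for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1]), net.num_addresses


def failed_sources(log_text):
    """Extract source addresses from sshd 'Failed password' lines."""
    return [ipaddress.ip_address(m.group(1)) for m in FAILED_RE.finditer(log_text)]


def coverage(sources, cidrs):
    """Map each source address to True if any listed block contains it."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return {str(ip): any(ip in n for n in nets) for ip in sources}


def widen(cidrs, prefix):
    """Same base addresses, shorter prefix (e.g. /24 -> /8), for comparison."""
    return [str(ipaddress.ip_network(c).supernet(new_prefix=prefix)) for c in cidrs]


if __name__ == "__main__":
    for cidr in LISTED:
        print(cidr, "covers", span(cidr))
    sources = failed_sources(SAMPLE_LOG)
    print("as written (/24):", coverage(sources, LISTED))
    print("if /8 was meant: ", coverage(sources, widen(LISTED, 8)))
```
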


