newbiefan
17-05-2009, 19:59
Well, I'm running vsftpd, lighttpd and ssh on my Asus WL500gP in AP mode, behind a Fritzbox modem/router/VoIP. Ports 21, 22 and 80 are forwarded to the Asus WL500gP. Everything works fine and stable.
In order to get rid of my beloved script-kiddies and several hackers, I started iptables on my Asus, because avoiding access from several IPs as well as brute force (with ipt_recent) should be easily possible. Everything works just perfectly, even ipt_recent (thanks al37919!) - when I test it, it seems to work stably every time.
And in case that I missed something (I'm not an iptables expert), I wrote a script, just adding an IP to a block list when something is wrong with an access, like 3 times a message like "non existing user".
Yesterday I recognized that the complete subnet of a hacker is already blocked; furthermore my script realized that something is wrong and has blocked the IP again - but nothing happens!
As you can see in an excerpt of my logfile, access from this IP is still possible, even after double blocking! And to show you that everything is OK with the iptables config, I've added the output of 'iptables -n -L'.
Does anybody know what's going on? What am I doing wrong?
When I test it with my mobile modem, it works!
How can an IP 220.x.x.x come through when it's already blocked?
Any help is appreciated.
Newbiefan
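The kind of log-watching block script described in the post, as an added example that is not the poster's script: it counts "non existing user" failures per address, blocks at 3, and separately reports offenders that an existing subnet block already covers, which is the symptom described above. The log format, the addresses (documentation ranges), the regex and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 3  # failures before an address is blocked, as in the post
# Assumed log wording; adjust the pattern to the daemon's real message.
FAIL_RE = re.compile(r"non existing user .*?from (\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample input: made-up log format, documentation addresses.
SAMPLE_LOG = """\
2009-05-17 19:40:01 ftp: non existing user 'admin' from 203.0.113.7
2009-05-17 19:40:03 ftp: non existing user 'root' from 203.0.113.7
2009-05-17 19:40:04 ftp: login ok user 'fan' from 192.0.2.50
2009-05-17 19:40:05 ftp: non existing user 'test' from 203.0.113.7
2009-05-17 19:41:10 ftp: non existing user 'admin' from 198.51.100.23
2009-05-17 19:41:12 ftp: non existing user 'guest' from 198.51.100.23
2009-05-17 19:41:15 ftp: non existing user 'oracle' from 198.51.100.23
2009-05-17 19:42:00 ftp: non existing user 'typo' from 192.0.2.10
"""
BLOCKED_NETS = ["198.51.100.0/24"]  # constructed: subnet that is already blocked


def failing_ips(log_text, threshold=THRESHOLD):
    """Return addresses with at least `threshold` failed-user log lines."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAIL_RE.search(line)
        if not match:
            continue
        try:
            counts[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:  # e.g. 999.1.1.1 matched the pattern
            continue
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def plan_blocks(log_text, blocked_nets):
    """Split offenders into new DROP rules and already-covered addresses."""
    nets = [ipaddress.ip_network(n) for n in blocked_nets]
    new_rules, already_covered = [], []
    for ip in failing_ips(log_text):
        if any(ip in net for net in nets):
            # Still logging failures despite a block: the rule is not matching.
            already_covered.append(str(ip))
        else:
            # -I puts the rule at the top of the chain; rules are checked in order.
            new_rules.append(f"iptables -I INPUT -s {ip} -j DROP")
    return new_rules, already_covered


if __name__ == "__main__":
    print(plan_blocks(SAMPLE_LOG, BLOCKED_NETS))
```

An address that lands in the second list is worth checking against the packet counters in `iptables -n -v -L`, which show whether the existing rule is ever hit.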