| Linode Forum https://forum.linode.com/ |
|
| Possible UFW issue https://forum.linode.com/viewtopic.php?f=19&t=11114 |
Page 1 of 1 |
| Author: | johnfl68 [ Wed Jun 18, 2014 8:09 am ] |
| Post subject: | Possible UFW issue |
Hello: I have a server that just servers http content, (LA, no MP). I have UFW set to only allow ports 22, 80, and 123. Fail2Ban is installed, login from root disallowed, my login is with keyfile. In the logwatch report, I am seeing entries for ports that should be blocked: **Unmatched Entries** message repeated 5 times: [ Failed password for root from 117.21.226.64 port 1888 ssh2] : 1 time(s) message repeated 5 times: [ Failed password for root from 117.21.225.154 port 4519 ssh2] : 1 time(s) message repeated 5 times: [ Failed password for root from 202.109.143.16 port 4461 ssh2] : 1 time(s) message repeated 5 times: [ Failed password for root from 222.187.221.152 port 3454 ssh2] : 1 time(s) message repeated 5 times: [ Failed password for root from 222.186.34.119 port 4574 ssh2] : 1 time(s) What am I missing? If those ports are blocked by UFW, why am I seeing failed login attempts for those ports? If I test for open ports remotely, I show that they are filtered and not open, as I would expect. I am not overly concerned, because they are getting stopped by Fail2Ban, and I am the only one with the keyfile, but still this doesn't seem right. Any assistance on what might be going on is appreciated. Thanks! John |
|
| Author: | obs [ Wed Jun 18, 2014 8:43 am ] |
| Post subject: | Re: Possible UFW issue |
Those will be the source ports |
|
| Author: | johnfl68 [ Wed Jun 18, 2014 11:29 am ] |
| Post subject: | Re: Possible UFW issue |
I didn't think about those being on the source end. Thank you. John |
|
| Page 1 of 1 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|