Jiří Červenka wrote:
>
> I'm not able to simulate FTP session from 193.171.155.10, because I have
> no access to this machine, in fact some script kiddie was trying to log
> in to my FTP server using brute force attack.
> I tried to establish connection from my personal public IP address and
> in this case shorewall worked as usual.
> FTP connection from my public IP address was dropped. It is strange
> because the only thing I changed in configuration was the IP address in
> drop rule for FTP connections.
> Dump files are here: http://rapidshare.com/files/12526259/dumps.zip.html

I suspect that the attacker was not establishing a new TCP connection then
but rather was reusing an existing one. You have BLACKLISTNEWONLY=No in
your shorewall.conf file so that blacklist entries can stop existing
connections.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
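
The reply above turns on whether the blacklist is checked for packets of connections that already exist. As an added example (not part of the thread and not Shorewall's own code), this sketch reads a shorewall.conf excerpt and `conntrack -L` style lines, all constructed here, and lists established flows from blacklisted sources that keep running when BLACKLISTNEWONLY=Yes. It assumes that an unset or empty BLACKLISTNEWONLY is treated as No; the function names and every address other than 193.171.155.10 are illustrative.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from the poster's dump files).
SHOREWALL_CONF = """\
# /etc/shorewall/shorewall.conf (excerpt)
BLACKLIST_DISPOSITION=DROP
BLACKLISTNEWONLY=Yes   # blacklist is consulted for new connections only
"""
BLACKLIST = ["193.171.155.10", "198.51.100.0/24"]
CONNTRACK = """\
tcp      6 431990 ESTABLISHED src=193.171.155.10 dst=192.0.2.5 sport=40112 dport=21 src=192.0.2.5 dst=193.171.155.10 sport=21 dport=40112 [ASSURED] mark=0 use=1
tcp      6 95 TIME_WAIT src=198.51.100.7 dst=192.0.2.5 sport=51000 dport=21 src=192.0.2.5 dst=198.51.100.7 sport=21 dport=51000 [ASSURED] mark=0 use=1
tcp      6 431000 ESTABLISHED src=203.0.113.9 dst=192.0.2.5 sport=33000 dport=22 src=192.0.2.5 dst=203.0.113.9 sport=22 dport=33000 [ASSURED] mark=0 use=1
"""

def blacklist_new_only(conf_text):
    """Return True for BLACKLISTNEWONLY=Yes; unset or empty is assumed to mean No."""
    value = ""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        if line.startswith("BLACKLISTNEWONLY="):
            value = line.split("=", 1)[1].strip().strip("\"'")
    return value.lower() == "yes"

def surviving_flows(conf_text, blacklist, conntrack_text):
    """List established flows from blacklisted sources that the blacklist will not cut."""
    if not blacklist_new_only(conf_text):
        return []  # every packet is checked, so existing connections are stopped too
    nets = [ipaddress.ip_network(entry, strict=False) for entry in blacklist]
    pattern = re.compile(r"^(\w+)\s+\d+\s+\d+\s+(\w+)\s+src=(\S+)\s+dst=\S+"
                         r"\s+sport=\d+\s+dport=(\d+)")
    flows = []
    for line in conntrack_text.splitlines():
        m = pattern.search(line)
        if not m:
            continue
        proto, state, src, dport = m.groups()
        # Only TCP state ESTABLISHED is reported; flows already closing are ignored.
        if state == "ESTABLISHED" and any(ipaddress.ip_address(src) in n for n in nets):
            flows.append((src, proto, int(dport)))
    return flows

if __name__ == "__main__":
    for src, proto, dport in surviving_flows(SHOREWALL_CONF, BLACKLIST, CONNTRACK):
        print(f"{src}: established {proto}/{dport} flow is not affected by the blacklist")
```
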
