Hi Gui, thanks for the report, I'll look into it.
public.metalab is actually the backup-router, traffic from the metalab-LAN is actually NATted over v642 behind 185.194.20.42, do you see any logs for this? Currently I don't see any traffic on port 22 originating from public.metalab. BR, Clemens On Montag, 23. April 2018 11:14:45 CEST Gui Iribarren wrote: > yesterday while debugging the RST thing, i also spotted a flood of these > in the log. circa 17 attemps per minute, lasted for at least a couple of > hours. here two example lines only: > Sun Apr 22 18:42:33 2018 authpriv.warn dropbear[29515]: Bad password > attempt for 'root' from 78.41.112.151:44084 > Sun Apr 22 19:02:29 2018 authpriv.warn dropbear[30205]: Login attempt > for nonexistent user from 78.41.112.151:47361 > > i'm pretty used to seeing that kind of bruteforce attempts "from the > wild" out in the internet, but in this particular case, > that ip resolves to public.metalab.wien.funkfeuer.at > > possibly just someone experimenting at the metalab (seems to have > stopped today). but reporting just in case. > > -- > Wien mailing list > [email protected] > https://lists.funkfeuer.at/mailman/listinfo/wien
signature.asc
Description: This is a digitally signed message part.
-- Wien mailing list [email protected] https://lists.funkfeuer.at/mailman/listinfo/wien
