Gentoo Archives: gentoo-user

From: Michael Sullivan <michael@××××××××××××.com>
To: gentoo-user <gentoo-user@l.g.o>
Subject: [gentoo-user] OT - ipkungfu perhaps not doing its job
Date: Thu, 16 Nov 2006 18:34:10
Message-Id: 1163701742.12501.94.camel@camille.espersunited.com
Can anyone tell me why I have about a hundred of these

Nov 16 08:00:03 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:00:06 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:00:09 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:00:12 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45

when that IP address is in /etc/ipkungfu/deny_hosts.conf? Here are my
rules; I don't understand them:

bullet ~ # ipkungfu -l
Chain INPUT (policy DROP 2 packets, 144 bytes)
pkts bytes target prot opt in out source destination
45662 6103K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 LOG all -- lo any 0.0.0.1 anywhere LOG level warning prefix `IPKF IPKungFu (--init)'
0 0 DROP all -- eth0 any 210.188.206.107 anywhere
0 0 DROP all -- eth0 any 222.90.206.62 anywhere
0 0 DROP all -- eth0 any 61.178.185.124 anywhere
0 0 DROP all -- eth0 any 65.98.76.197 anywhere
0 0 DROP all -- eth0 any 211.234.99.230 anywhere
0 0 DROP all -- eth0 any 60.191.34.155 anywhere
0 0 DROP all -- eth0 any sd-2742.dedibox.fr anywhere
1 40 DROP all -- eth0 any nameservices.net anywhere
1 55 DROP all -- eth0 any 222.135.146.45 anywhere
28 1598 ACCEPT all -- any any camille.espersunited.com anywhere
7 351 ACCEPT all -- any any catherine.espersunited.com anywhere
0 0 DROP all -- any any anywhere anywhere recent: CHECK seconds: 120 name: badguy side: source
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags ALL: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags NONE: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap XMAS): '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap FIN): '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags SYN,FIN: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags SYN,RST: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF SYN,RST,ACK,FIN,URG: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap NULL): '
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:SYN,RST/SYN,RST
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
3 276 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
85 3400 LOG all -- any any anywhere anywhere state INVALID limit: avg 3/sec burst 5 LOG level warning prefix `IPKF Invalid TCP flag: '
85 3400 DROP all -- any any anywhere anywhere state INVALID
0 0 LOG all -f eth0 any anywhere anywhere limit: avg 3/sec burst 5 LOG level warning prefix `IPKF Fragmented Packet: '
0 0 DROP all -f eth0 any anywhere anywhere
0 0 LOG icmp -- eth0 any anywhere anywhere icmp timestamp-request limit: avg 3/sec burst 5 LOG level warning prefix `IPKF ICMP Timestamp: '
0 0 DROP icmp -- eth0 any anywhere anywhere icmp timestamp-request
125 6656 syn-flood tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW limit: avg 3/sec burst 5 LOG level warning prefix `IPKF New Not SYN: '
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
0 0 DROP tcp -- eth0 any anywhere anywhere multiport dports netbios-ns,6666
2 808 DROP udp -- eth0 any anywhere anywhere multiport dports ms-sql-m
102 5552 ACCEPT tcp -- eth0 any anywhere anywhere state NEW multiport dports ftp,ssh,smtp,http,imap,https
0 0 ACCEPT udp -- eth0 any anywhere anywhere state NEW multiport dports imap
203 15337 ACCEPT all -- lo any anywhere anywhere state NEW
0 0 ACCEPT all -- lo any localhost.localdomain anywhere state NEW
2 112 REJECT tcp -- any any anywhere anywhere tcp dpt:auth reject-with tcp-reset
146 38531 LOG !icmp -- any any anywhere anywhere limit: avg 3/sec burst 5 LOG level warning prefix `IPKF INPUT Catch-all: '
146 38531 DROP all -- any any anywhere anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 any camille.espersunited.com anywhere
0 0 ACCEPT all -- eth0 any catherine.espersunited.com anywhere
0 0 DROP all -- eth0 any anywhere anywhere recent: CHECK seconds: 120 name: badguy side: source
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags ALL: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags NONE: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags FIN,URG,PSH: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap XMAS): '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags SYN,FIN: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/sec burst 5 LOG level warning prefix `IPKF flags SYN,RST: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/sec burst 5 LOG level warning prefix `IPKF SYN,RST,ACK,FIN,URG: '
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap NULL): '
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:SYN,RST/SYN,RST
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
0 0 LOG all -- eth0 any anywhere anywhere state INVALID limit: avg 3/sec burst 5 LOG level warning prefix `IPKF Invalid TCP flag: '
0 0 DROP all -- eth0 any anywhere anywhere state INVALID
0 0 LOG all -f eth0 any anywhere anywhere limit: avg 3/sec burst 5 LOG level warning prefix `IPKF Fragmented Packet: '
0 0 DROP all -f eth0 any anywhere anywhere
0 0 LOG icmp -- eth0 any anywhere anywhere icmp timestamp-request limit: avg 3/sec burst 5 LOG level warning prefix `IPKF ICMP Timestamp: '
0 0 DROP icmp -- eth0 any anywhere anywhere icmp timestamp-request
0 0 syn-flood tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
0 0 LOG tcp -- eth0 any anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW limit: avg 3/sec burst 5 LOG level warning prefix `IPKF New Not SYN: '
0 0 DROP tcp -- eth0 any anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
0 0 DROP tcp -- eth0 any anywhere anywhere multiport dports netbios-ns,6666
0 0 DROP udp -- eth0 any anywhere anywhere multiport dports ms-sql-m
0 0 REJECT tcp -- eth0 any anywhere anywhere tcp dpt:auth reject-with tcp-reset

Chain OUTPUT (policy ACCEPT 5 packets, 366 bytes)
pkts bytes target prot opt in out source destination
60950 17M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
968 76964 ACCEPT all -- any any anywhere anywhere state NEW

Chain syn-flood (2 references)
pkts bytes target prot opt in out source destination
125 6656 RETURN all -- any any anywhere anywhere limit: avg 10/sec burst 24
0 0 LOG all -- any any anywhere anywhere limit: avg 3/sec burst 5 LOG level warning prefix `IPKF SYN flood: '
0 0 DROP all -- any any anywhere anywhere
bullet ~ #

--
gentoo-user@g.o mailing list
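Two details in the post explain each other: the INPUT chain's first rule is ACCEPT on state RELATED,ESTABLISHED, ahead of every per-host DROP, and all the pam_unix failures come from one ftp process (PID 2045), so a session that conntrack was already tracking when the deny rule was loaded keeps matching rule one and never reaches the DROP (which has only caught 1 packet, a later new attempt). The script below is an added example, not part of this thread or of ipkungfu: it parses a constructed excerpt of that chain together with the quoted log lines and reports sources whose DROP is shadowed by the earlier stateful ACCEPT.

```python
import re

# Constructed excerpt of the INPUT chain from the post's `ipkungfu -l` dump, wrapping
# undone and most rules omitted: pkts bytes target prot opt in out source dest [match]
CHAIN = """\
45662 6103K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 DROP all -- eth0 any 210.188.206.107 anywhere
1 55 DROP all -- eth0 any 222.135.146.45 anywhere
102 5552 ACCEPT tcp -- eth0 any anywhere anywhere state NEW multiport dports ftp,ssh
146 38531 DROP all -- any any anywhere anywhere
"""
# Three of the pam_unix lines quoted in the post: same ftp process each time.
AUTH_LOG = """\
Nov 16 08:00:03 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:00:06 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
Nov 16 08:00:09 bullet ftp(pam_unix)[2045]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=222.135.146.45
"""
RULE_RE = re.compile(r"^(\d+)\s+\S+\s+(\S+)\s+\S+\s+\S+\s+\S+\s+\S+\s+(\S+)\s+\S+\s*(.*)$")
LOG_RE = re.compile(r"\(pam_unix\)\[(\d+)\].*\brhost=(\S+)")

def parse_chain(text):
    """Rows of an `iptables -L -v` chain as dicts; header and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            pkts, target, src, extra = m.groups()
            rules.append({"pkts": int(pkts), "target": target, "src": src, "extra": extra})
    return rules

def shadowed_drops(rules):
    """Sources whose DROP follows an ACCEPT on ESTABLISHED state: packets of a connection
    conntrack already tracks take that ACCEPT, so the DROP only stops new connections."""
    est_seen, out = False, []
    for r in rules:
        if r["target"] == "ACCEPT" and "ESTABLISHED" in r["extra"]:
            est_seen = True
        elif r["target"] == "DROP" and r["src"] != "anywhere" and est_seen:
            out.append(r["src"])
    return out

def sessions_per_rhost(log):
    """rhost -> set of PIDs; many failures under one PID is one long-lived session."""
    sess = {}
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m:
            sess.setdefault(m.group(2), set()).add(int(m.group(1)))
    return sess
```

A deny added while a session is in progress only bites once that session is gone (the ftp process ended or its conntrack entry removed); reloading the rules by itself affects new connections only.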

Replies

Subject Author
Re: [gentoo-user] OT - ipkungfu perhaps not doing its job Alan McKinnon <alan@××××××××××××××××.za>