[Firehol-support] Apparent bypass of firewall by ssh login probes

Phil Whineray phil at firehol.org
Tue Feb 9 20:09:26 GMT 2016


On Tue, Feb 09, 2016 at 10:02:29PM +0200, Tsaousis, Costa wrote:
> Hi,
> Are you sure these logs are not coming from another host?
> On Tue, Feb 9, 2016 at 9:44 PM, Whit Blauvelt <whit at transpect.com> wrote:
> > It's also managing to log with a false date, making it even weirder. So
> > auth.log looks like:

I think you need to solve this first so you can see what is really
happening. Costa has made one suggestion, another is this:


which points to a bug in rsyslog:


Either way, the date is not being added at iptables or even sshd level
so it is unlikely to be related to your main concern directly.

