[Firehol-support] Apparent bypass of firewall by ssh login probes
Phil Whineray
phil at firehol.org
Tue Feb 9 20:09:26 GMT 2016
Hi
On Tue, Feb 09, 2016 at 10:02:29PM +0200, Tsaousis, Costa wrote:
> Hi,
>
> Are you sure these logs are not coming from another host?
>
> On Tue, Feb 9, 2016 at 9:44 PM, Whit Blauvelt <whit at transpect.com> wrote:
>
> > It's also managing to log with a false date, making it even weirder. So
> > auth.log looks like:
I think you need to solve this first so you can see what is really
happening. Costa has made one suggestion, another is this:

  http://serverfault.com/questions/636901/random-ssh-entries-in-auth-log-out-of-date-order

which points to a bug in rsyslog:

  http://bugzilla.adiscon.com/show_bug.cgi?id=527

Either way, the date is not being added at iptables or even sshd level
so it is unlikely to be related to your main concern directly.
Cheers