Topic: Firewall Denylog Entries

[ronnie_dk]

Hi there .
I'm new to SME. (6.01)
I'm new to Linux but have tried Freesco (linux) before.
I can't figure out what's going on in my logs..
All day long, lots of denylog entries..

Someone is trying to access the server on port 445

Oct  1 01:28:11 servergate kernel: denylog:IN=ppp0 OUT= MAC= SRC=80.219.56.247 DST=80.199.15.186 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=53262 DF PROTO=TCP SPT=2637 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Oct  1 01:28:14 servergate kernel: denylog:IN=ppp0 OUT= MAC= SRC=80.219.56.247 DST=80.199.15.186 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=53554 DF PROTO=TCP SPT=2637 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0

Someone is trying to access SSH as root from the outside..filling up my messages log.
Is it possible to reduce the amount of log entries via some timer, or just not log them
Just a sample here: New entry each 3 sec.

Sep 22 05:38:34 servergate sshd[11123]: Failed password for root from 211.233.89.109 port 56405 ssh2
Sep 22 05:38:38 servergate sshd[11125]: Failed password for root from 211.233.89.109 port 56535 ssh2
Sep 22 05:38:41 servergate sshd[11127]: Failed password for root from 211.233.89.109 port 56764 ssh2
Sep 22 05:38:44 servergate sshd[11129]: Failed password for root from 211.233.89.109 port 56901 ssh2
Sep 22 05:38:46 servergate sshd[11131]: Failed password for root from 211.233.89.109 port 57032 ssh2

Something from my ISP: port 25
( running my own pop3 and smtp server but using smtp server from isp)

Oct  1 08:38:16 servergate kernel: denylog:IN=ppp0 OUT= MAC= SRC=195.41.46.236 DST=80.199.15.186 LEN=61 TOS=0x00 PREC=0x00 TTL=57 ID=1395 DF PROTO=TCP SPT=25 DPT=43328 WINDOW=57400 RES=0x00 ACK PSH FIN URGP=0
Oct  1 08:38:18 servergate kernel: denylog:IN=ppp0 OUT= MAC= SRC=195.41.46.236 DST=80.199.15.186 LEN=61 TOS=0x00 PREC=0x00 TTL=57 ID=2292 DF PROTO=TCP SPT=25 DPT=43328 WINDOW=57400 RES=0x00 ACK PSH FIN URGP=0

And here something unknown --

Oct  2 06:18:59 servergate kernel: denylog:IN=ppp0 OUT= MAC= SRC=67.162.66.142 DST=80.199.15.186 LEN=51 TOS=0x00 PREC=0x20 TTL=111 ID=7515 PROTO=UDP SPT=59593 DPT=6346 LEN=31
Oct  2 06:19:00 servergate kernel: denylog:IN=ppp0 OUT= MAC= SRC=67.162.66.142 DST=80.199.15.186 LEN=51 TOS=0x00 PREC=0x20 TTL=111 ID=7527 PROTO=UDP SPT=59593 DPT=6346 LEN=31
Oct  2 06:19:01 servergate kernel: denylog:IN=ppp0 OUT= MAC= SRC=67.162.66.142 DST=80.199.15.186 LEN=51 TOS=0x00 PREC=0x20 TTL=111 ID=7548 PROTO=UDP SPT=59593 DPT=6346 LEN=31
Oct  2 06:19:02 servergate kernel: denylog:IN=ppp0 OUT= MAC= SRC=67.162.66.142 DST=80.199.15.186 LEN=51 TOS=0x00 PREC=0x20 TTL=111 ID=7552 PROTO=UDP SPT=59593 DPT=6346 LEN=31

What can I do about these entries..
Maybe they are denied correctly, but they are filling up my log.

Is there som kind of config tool for the firewall on SME ?

Best Regards
Ronnie

[raem]

ronnie_dk

search the FAQ for how to set the logging level.
You won't see those entries after doing that as they won't be logged.

[ronnie_dk]

Year . of cource..
I have searched via the search feature in the top right corner . Result was not usable , but I could have told myself that ..
First go into the FAQ section and then make the query..

Problem is now solved.
TKS