Hello, and thanks for the details.
I'm getting relentless brute-force attacks on my server's sshd port, like everyone else I suppose, but it's starting to get on my nerves.
Below is an excerpt from my /var/log/secure file:
Aug 11 10:02:44 d124 sshd[25981]: Failed password for root from 124.225.122.164 port 47865 ssh2
Aug 11 10:02:44 d124 sshd[25982]: Received disconnect from 124.225.122.164: 11: Bye Bye
Aug 11 10:02:47 d124 unix_chkpwd[25986]: password check failed for user (root)
Aug 11 10:02:47 d124 sshd[25984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.225.122.164 user=root
Aug 11 10:02:49 d124 sshd[25984]: Failed password for root from 124.225.122.164 port 48099 ssh2
Aug 11 10:02:49 d124 sshd[25985]: Received disconnect from 124.225.122.164: 11: Bye Bye
Aug 11 10:02:52 d124 unix_chkpwd[25989]: password check failed for user (root)
Aug 11 10:02:52 d124 sshd[25987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.225.122.164 user=root
Aug 11 10:02:55 d124 sshd[25987]: Failed password for root from 124.225.122.164 port 48331 ssh2
Aug 11 10:02:55 d124 sshd[25988]: Received disconnect from 124.225.122.164: 11: Bye Bye
Aug 11 10:02:58 d124 unix_chkpwd[25993]: password check failed for user (root)
Aug 11 10:02:58 d124 sshd[25991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.225.122.164 user=root
Aug 11 10:02:59 d124 sshd[25991]: Failed password for root from 124.225.122.164 port 48586 ssh2
Aug 11 10:03:00 d124 sshd[25992]: Received disconnect from 124.225.122.164: 11: Bye Bye
Aug 11 10:03:03 d124 unix_chkpwd[25996]: password check failed for user (root)
Aug 11 10:03:03 d124 sshd[25994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.225.122.164 user=root
Aug 11 10:03:05 d124 sshd[25994]: Failed password for root from 124.225.122.164 port 48802 ssh2
Aug 11 10:03:05 d124 sshd[25995]: Received disconnect from 124.225.122.164: 11: Bye Bye
Aug 11 10:03:08 d124 unix_chkpwd[25999]: password check failed for user (root)
Aug 11 10:03:08 d124 sshd[25997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.225.122.164 user=root
Aug 11 10:03:10 d124 sshd[25997]: Failed password for root from 124.225.122.164 port 49059 ssh2
Aug 11 10:03:11 d124 sshd[25998]: Received disconnect from 124.225.122.164: 11: Bye Bye
Aug 11 10:03:13 d124 unix_chkpwd[26002]: password check failed for user (root)
Aug 11 10:03:13 d124 sshd[26000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.225.122.164 user=root
Aug 11 10:03:15 d124 sshd[26000]: Failed password for root from 124.225.122.164 port 49275 ssh2
Aug 11 10:03:15 d124 sshd[26001]: Received disconnect from 124.225.122.164: 11: Bye Bye
Aug 11 10:03:18 d124 unix_chkpwd[26005]: password check failed for user (root)
Aug 11 10:03:18 d124 sshd[26003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.225.122.164 user=root
So I tried to block the unwanted IP with the command:
iptables -A INPUT -s 124.225.122.164 -j DROP
That had no effect. I'm currently reading up on iptables (I'm a complete noob on the subject) and I'm taking the liberty of giving you the contents of my file below:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ndmp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
DROP all -- 124.225.122.164 anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Why is it still possible for him to send packets, and thus to keep attempting connections?
Thanks in advance for your help, and best regards.
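To make the chain listing above concrete, here is a small first-match model of that INPUT chain, added as an example (it is not the poster's code and does not run iptables). It walks the rules in the order `iptables -L` printed them, reports which rule decides the fate of a new SSH connection from 124.225.122.164, and then shows what changes when the same DROP is placed at position 1 with `iptables -I INPUT 1` instead of appended with `-A`. One assumption: plain `iptables -L` does not show interface matches (`-i lo` and the like), so the `in_iface` field is a guess and is set to "any" for every listed rule; `iptables -L -v -n` shows the real interface column.

```python
"""First-match walk of the INPUT chain from the post (added example, not the
poster's own code). Rules are transcribed from the `iptables -L` listing; the
in_iface field is an assumption, because `iptables -L` without -v hides it."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    target: str            # ACCEPT, DROP, REJECT
    proto: str             # "all", "tcp", "icmp", ...
    source: str            # "anywhere" or one IPv4 address
    match: str = ""        # extra match text as printed by `iptables -L`
    in_iface: str = "any"  # assumption: plain `iptables -L` does not show -i


@dataclass
class Packet:
    src: str
    proto: str
    dport: str = ""         # service name as iptables prints it ("ssh", "http")
    state: str = "NEW"      # conntrack state: NEW, ESTABLISHED, RELATED
    in_iface: str = "eth0"  # constructed; any non-loopback interface name


# The INPUT chain exactly as listed in the post, in order (rule numbers 1..8).
INPUT_CHAIN: List[Rule] = [
    Rule("ACCEPT", "all", "anywhere", "state RELATED,ESTABLISHED"),
    Rule("ACCEPT", "icmp", "anywhere"),
    Rule("ACCEPT", "all", "anywhere"),
    Rule("ACCEPT", "tcp", "anywhere", "state NEW tcp dpt:http"),
    Rule("ACCEPT", "tcp", "anywhere", "state NEW tcp dpt:ssh"),
    Rule("ACCEPT", "tcp", "anywhere", "state NEW tcp dpt:ndmp"),
    Rule("REJECT", "all", "anywhere", "reject-with icmp-host-prohibited"),
    Rule("DROP", "all", "124.225.122.164"),  # the rule appended with -A
]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every match the rule carries is satisfied by the packet."""
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if rule.source != "anywhere" and rule.source != pkt.src:
        return False
    if rule.in_iface != "any" and rule.in_iface != pkt.in_iface:
        return False
    for token in rule.match.split():
        if token.startswith("dpt:") and token[4:] != pkt.dport:
            return False
    if "state " in rule.match:
        allowed = rule.match.split("state ")[1].split()[0].split(",")
        if pkt.state not in allowed:
            return False
    return True


def evaluate(chain: List[Rule], pkt: Packet,
             policy: str = "ACCEPT") -> Tuple[Optional[int], str]:
    """Walk the chain top to bottom; the first matching rule decides.
    Returns (1-based rule number, target), or (None, policy) if none matched."""
    for number, rule in enumerate(chain, start=1):
        if rule_matches(rule, pkt):
            return number, rule.target
    return None, policy


def insert_rule(chain: List[Rule], rule: Rule, position: int = 1) -> List[Rule]:
    """Model of `iptables -I INPUT <position> ...` (1-based), as opposed to
    `iptables -A INPUT ...`, which appends after the last existing rule."""
    new_chain = list(chain)
    new_chain.insert(position - 1, rule)
    return new_chain


if __name__ == "__main__":
    syn = Packet(src="124.225.122.164", proto="tcp", dport="ssh", state="NEW")
    print("chain as listed (-A):", evaluate(INPUT_CHAIN, syn))
    fixed = insert_rule(INPUT_CHAIN, Rule("DROP", "all", "124.225.122.164"), 1)
    print("DROP at position 1 (-I INPUT 1):", evaluate(fixed, syn))
```

Run as-is, the model stops at rule 3 (`ACCEPT all anywhere anywhere`) for the attacker's SYN; if that rule is in fact limited to the loopback interface, as it commonly is on a distribution default ruleset, the SYN is accepted by rule 5 (`dpt:ssh`) instead. Either way the DROP in row 8 sits behind both the ACCEPT rules and the catch-all REJECT, so nothing ever reaches it; inserting it at position 1 is what makes it effective.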
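For the /var/log/secure excerpt, here is the detection side: a parser for the `Failed password` lines and a sliding-window counter that flags a source once it has produced `maxretry` failures inside `findtime` seconds, the decision a log-based banning tool makes before it adds a firewall rule. This is an added example, not the poster's code or any particular tool's implementation; the sample log is the post's own `Failed password` lines plus one constructed line (the `10.0.0.5` entry with pid 26010) so that a source below the threshold is visible. Syslog timestamps carry no year, so the parser is only meant for a single log file.

```python
"""Count sshd password failures per source over a sliding window (added example,
not the poster's code). Input: the post's Failed-password lines plus one
constructed line from 10.0.0.5 (pid 26010) as a below-threshold source."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
Aug 11 10:02:44 d124 sshd[25981]: Failed password for root from 124.225.122.164 port 47865 ssh2
Aug 11 10:02:44 d124 sshd[25982]: Received disconnect from 124.225.122.164: 11: Bye Bye
Aug 11 10:02:47 d124 unix_chkpwd[25986]: password check failed for user (root)
Aug 11 10:02:47 d124 sshd[25984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.225.122.164 user=root
Aug 11 10:02:49 d124 sshd[25984]: Failed password for root from 124.225.122.164 port 48099 ssh2
Aug 11 10:02:55 d124 sshd[25987]: Failed password for root from 124.225.122.164 port 48331 ssh2
Aug 11 10:02:59 d124 sshd[25991]: Failed password for root from 124.225.122.164 port 48586 ssh2
Aug 11 10:03:01 d124 sshd[26010]: Failed password for invalid user admin from 10.0.0.5 port 51000 ssh2
Aug 11 10:03:05 d124 sshd[25994]: Failed password for root from 124.225.122.164 port 48802 ssh2
Aug 11 10:03:10 d124 sshd[25997]: Failed password for root from 124.225.122.164 port 49059 ssh2
Aug 11 10:03:15 d124 sshd[26000]: Failed password for root from 124.225.122.164 port 49275 ssh2
"""

# Matches the sshd "Failed password" line, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failures(text: str) -> List[Tuple[datetime, str, str]]:
    """Return (timestamp, source address, target user) for each failed login.
    Other sshd/pam lines (disconnects, pam_unix noise) are ignored so that one
    attempt is counted once, not three times."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # year-less
            events.append((ts, m.group("src"), m.group("user")))
    return events


def offending_sources(events: List[Tuple[datetime, str, str]],
                      maxretry: int = 5, findtime: int = 600) -> Dict[str, datetime]:
    """Map each source that reached `maxretry` failures within any `findtime`
    second window to the time the threshold was crossed."""
    by_src: Dict[str, List[datetime]] = defaultdict(list)
    for ts, src, _user in sorted(events):
        by_src[src].append(ts)
    flagged: Dict[str, datetime] = {}
    for src, times in by_src.items():
        start = 0  # left edge of the sliding window
        for i, t in enumerate(times):
            while (t - times[start]).total_seconds() > findtime:
                start += 1
            if i - start + 1 >= maxretry:
                flagged[src] = t
                break
    return flagged


if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    print(f"{len(found)} failed logins parsed")
    for src, when in offending_sources(found).items():
        print(f"{src}: threshold reached at {when:%H:%M:%S}")
```

With the post's data, the attacker's fifth failure lands at 10:03:05, 21 seconds after the first, so the source is flagged well inside a 600 second window; the single failure from the constructed 10.0.0.5 host is not. Whatever then blocks the address has to insert its rule ahead of the ACCEPT rules in the chain, which is exactly the ordering question raised above.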