Our new firewall shows excellent work against DDoS, ICMP and port flood attacks.
The only thing left to say is: Bye Bye, would-be hacker kiddies!
Here is a small output:
Mar 04 18:16:29 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=192.241.227.88 DST=185.34.216.24 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=36218 DPT=1830 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 04 18:16:30 srv01 kernel: Firewall: *Port Flood* IN=venet0 OUT= MAC= SRC=27.71.227.142 DST=185.52.3.152 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=45328 DF PROTO=TCP SPT=58048 DPT=22222 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 04 18:16:34 srv01 kernel: Firewall: *Port Flood* IN=venet0 OUT= MAC= SRC=27.71.227.142 DST=185.52.3.152 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=45329 DF PROTO=TCP SPT=58048 DPT=22222 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 04 18:16:36 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=94.102.51.28 DST=185.34.216.24 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=53410 PROTO=TCP SPT=57907 DPT=14067 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 04 18:16:42 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=185.211.246.69 DST=185.52.3.152 LEN=40 TOS=0x00 PREC=0xC0 TTL=249 ID=40171 PROTO=TCP SPT=60000 DPT=41922 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 04 18:16:46 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=162.142.125.81 DST=185.52.3.152 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=43073 PROTO=TCP SPT=49006 DPT=14430 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 04 18:17:07 srv01 sshd[7454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.152.220.26 user=root
Mar 04 18:17:07 srv01 kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=217.182.199.129 DST=185.34.216.24 LEN=445 TOS=0x00 PREC=0x00 TTL=51 ID=3461 PROTO=UDP SPT=5574 DPT=5060 LEN=425
Mar 04 18:17:09 srv01 sshd[7454]: Failed password for root from 194.152.220.26 port 41264 ssh2
Mar 04 18:17:09 srv01 sshd[7454]: Received disconnect from 194.152.220.26 port 41264:11: Bye Bye [preauth]
Mar 04 18:17:09 srv01 sshd[7454]: Disconnected from 194.152.220.26 port 41264 [preauth]
Mar 04 18:17:09 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=194.147.140.31 DST=185.52.3.152 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=7523 PROTO=TCP SPT=55757 DPT=37429 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 04 18:17:18 srv01 sshd[7487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.69.97.151 user=root
Mar 04 18:17:20 srv01 sshd[7487]: Failed password for root from 81.69.97.151 port 58678 ssh2
Mar 04 18:17:20 srv01 sshd[7487]: Received disconnect from 81.69.97.151 port 58678:11: Bye Bye [preauth]
Mar 04 18:17:20 srv01 sshd[7487]: Disconnected from 81.69.97.151 port 58678 [preauth]
Mar 04 18:17:21 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=194.147.140.107 DST=185.52.3.152 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=38999 PROTO=TCP SPT=46215 DPT=9436 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 04 18:17:31 srv01 sshd[7623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.175.139 user=root
Mar 04 18:17:33 srv01 sshd[7623]: Failed password for root from 81.70.175.139 port 60432 ssh2
Mar 04 18:17:33 srv01 sshd[7623]: Received disconnect from 81.70.175.139 port 60432:11: Bye Bye [preauth]
Mar 04 18:17:33 srv01 sshd[7623]: Disconnected from 81.70.175.139 port 60432 [preauth]
Mar 04 18:17:38 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=194.147.140.20 DST=185.34.216.24 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=38354 PROTO=TCP SPT=48247 DPT=27292 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 04 18:17:48 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=194.147.140.63 DST=185.52.3.152 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=13661 PROTO=TCP SPT=48001 DPT=268 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 04 18:17:52 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=194.147.140.96 DST=185.34.216.24 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=50665 PROTO=TCP SPT=51646 DPT=3271 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 04 18:17:53 srv01 kernel: Firewall: *Port Flood* IN=venet0 OUT= MAC= SRC=199.167.138.22 DST=185.34.216.24 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=30832 PROTO=TCP SPT=61604 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 04 18:18:00 srv01 kernel: Firewall: *Port Flood* IN=venet0 OUT= MAC= SRC=199.167.138.22 DST=185.34.216.24 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=19613 PROTO=TCP SPT=57954 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 04 18:18:00 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=185.34.163.189 DST=185.34.216.24 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=18028 PROTO=TCP SPT=43352 DPT=8291 WINDOW=14600 RES=0x00 SYN URGP=0
Mar 04 18:18:20 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=194.147.140.41 DST=185.52.3.152 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=53632 PROTO=TCP SPT=58869 DPT=3405 WINDOW=1024 RES=0x00 SYN URGP=0
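
An added example, not part of the original post: a small Python parser for log lines in the format shown above. It tallies firewall drops per rule label, source and destination port, and lists sources with sshd password failures that never appear in a firewall drop. The sample lines are constructed with documentation addresses, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the same format as the output above (documentation IPs).
SAMPLE = """\
Mar 04 18:16:29 srv01 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=36218 DPT=1830 SYN URGP=0
Mar 04 18:16:30 srv01 kernel: Firewall: *Port Flood* IN=venet0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 DF PROTO=TCP SPT=58048 DPT=22222 SYN URGP=0
Mar 04 18:16:34 srv01 kernel: Firewall: *Port Flood* IN=venet0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 DF PROTO=TCP SPT=58048 DPT=22222 SYN URGP=0
Mar 04 18:17:07 srv01 kernel: Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=192.0.2.44 DST=203.0.113.5 LEN=445 PROTO=UDP SPT=5574 DPT=5060 LEN=425
Mar 04 18:17:09 srv01 sshd[7454]: Failed password for root from 192.0.2.99 port 41264 ssh2
Mar 04 18:17:20 srv01 sshd[7487]: Failed password for invalid user admin from 192.0.2.99 port 58678 ssh2
Mar 04 18:17:33 srv01 sshd[7623]: Failed password for root from 192.0.2.10 port 60432 ssh2
"""

FW_RE = re.compile(r"kernel: Firewall: \*(?P<rule>[^*]+)\* (?P<fields>.*)$")
SSH_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port \d+"
)

def parse_fields(text):
    """Turn 'KEY=value' tokens into a dict; bare flags (SYN, DF) are skipped.
    UDP lines carry LEN twice (IP length, then UDP length); the first one is kept."""
    fields = {}
    for tok in text.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields.setdefault(key, value)
    return fields

def summarize(log_text):
    blocked = Counter()   # (rule label, source, destination port) -> drops
    ssh_fail = Counter()  # source -> failed password attempts
    for line in log_text.splitlines():
        m = FW_RE.search(line)
        if m:
            f = parse_fields(m["fields"])
            blocked[(m["rule"], f.get("SRC"), f.get("DPT"))] += 1
            continue
        m = SSH_RE.search(line)
        if m:
            ssh_fail[m["src"]] += 1
    dropped_sources = {src for (_, src, _) in blocked}
    # Sources that got as far as sshd authentication with no drop logged for them.
    reached_sshd_only = sorted(set(ssh_fail) - dropped_sources)
    return blocked, ssh_fail, reached_sshd_only

if __name__ == "__main__":
    blocked, ssh_fail, reached = summarize(SAMPLE)
    for key, n in blocked.most_common():
        print(n, *key)
    print("sshd failures:", dict(ssh_fail), "no firewall drop:", reached)
```
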