Attacks from a Chinese source.. how to defend against them?

Secure your network!

Moderator: Federico.Lagni

anubisg1
Cisco pathologically enlightened user
Posts: 218
Joined: Mon 18 Oct, 2010 11:05 am
Location: Brno

So guys.. on my router I configured the following for security reasons (to avoid DoS attacks):

Code:

login block-for 240 attempts 4 within 120

For the last two days, every time I try to connect to my router I get "connection refused"..

I waited a bit and managed to get in. Here is what I found:

Code:

Gateway#sh login failures 
Total failed logins: 74
Detailed information about last 50 failures

Username        SourceIPAddr    lPort Count TimeStamp
4test           218.30.22.142   22    1     13:16:20 ROME Tue Mar 20 2012
root0           218.30.22.142   22    1     13:16:27 ROME Tue Mar 20 2012
root1           218.30.22.142   22    1     13:16:34 ROME Tue Mar 20 2012
camille123      218.30.22.142   22    1     13:20:40 ROME Tue Mar 20 2012
a               218.30.22.142   22    2     13:25:20 ROME Tue Mar 20 2012
campani         218.30.22.142   22    1     13:20:54 ROME Tue Mar 20 2012
campani123      218.30.22.142   22    1     13:21:00 ROME Tue Mar 20 2012
fasion          218.30.22.142   22    1     13:25:07 ROME Tue Mar 20 2012
fasion123       218.30.22.142   22    1     13:25:14 ROME Tue Mar 20 2012
felicia         218.30.22.142   22    1     13:25:27 ROME Tue Mar 20 2012
kimberly        218.30.22.142   22    1     13:29:33 ROME Tue Mar 20 2012
kimberly123     218.30.22.142   22    1     13:29:40 ROME Tue Mar 20 2012
kim             218.30.22.142   22    1     13:29:47 ROME Tue Mar 20 2012
kim123          218.30.22.142   22    1     13:29:54 ROME Tue Mar 20 2012
peoria          218.30.22.142   22    3     13:34:14 ROME Tue Mar 20 2012
percolate       218.30.22.142   22    1     13:34:21 ROME Tue Mar 20 2012
student         218.30.22.142   22    3     13:38:40 ROME Tue Mar 20 2012
stundet         218.30.22.142   22    1     13:38:47 ROME Tue Mar 20 2012
test4           218.30.22.142   22    3     13:47:34 ROME Tue Mar 20 2012
test5           218.30.22.142   22    1     13:47:41 ROME Tue Mar 20 2012
alex            218.30.22.142   22    4     13:52:07 ROME Tue Mar 20 2012
stanley         218.30.22.142   22    4     13:56:34 ROME Tue Mar 20 2012
se              218.30.22.142   22    4     14:01:01 ROME Tue Mar 20 2012
valerie         218.30.22.142   22    1     14:05:09 ROME Tue Mar 20 2012
vermont         218.30.22.142   22    1     14:05:16 ROME Tue Mar 20 2012
virginia        218.30.22.142   22    1     14:05:24 ROME Tue Mar 20 2012
wanker          218.30.22.142   22    1     14:05:32 ROME Tue Mar 20 2012
potence         218.30.22.142   22    1     14:09:38 ROME Tue Mar 20 2012
agony           218.30.22.142   22    1     14:09:45 ROME Tue Mar 20 2012
pintail         218.30.22.142   22    1     14:09:52 ROME Tue Mar 20 2012
neon            218.30.22.142   22    1     14:09:58 ROME Tue Mar 20 2012
adinul          218.30.22.142   22    1     14:14:05 ROME Tue Mar 20 2012
adm             218.30.22.142   22    2     14:14:18 ROME Tue Mar 20 2012
          
Username        SourceIPAddr    lPort Count TimeStamp

admiire         218.30.22.142   22    1     14:14:25 ROME Tue Mar 20 2012
bkasapog        218.30.22.142   22    1     14:18:32 ROME Tue Mar 20 2012
bkpuser         218.30.22.142   22    1     14:18:39 ROME Tue Mar 20 2012
bkubes          218.30.22.142   22    1     14:18:45 ROME Tue Mar 20 2012
black           218.30.22.142   22    1     14:18:52 ROME Tue Mar 20 2012
dirkje          218.30.22.142   22    1     14:22:59 ROME Tue Mar 20 2012
dirtipikor      218.30.22.142   22    2     14:23:12 ROME Tue Mar 20 2012
disaro          218.30.22.142   22    1     14:23:19 ROME Tue Mar 20 2012
glazar          218.30.22.142   22    4     14:27:46 ROME Tue Mar 20 2012
root            218.30.22.142   22    4     14:32:14 ROME Tue Mar 20 2012
adrianna        218.30.22.142   22    1     14:36:20 ROME Tue Mar 20 2012
advil           218.30.22.142   22    1     14:36:27 ROME Tue Mar 20 2012
aeh             218.30.22.142   22    1     14:36:34 ROME Tue Mar 20 2012
aerobics        218.30.22.142   22    1     14:36:41 ROME Tue Mar 20 2012
etoile          218.30.22.142   22    1     14:40:47 ROME Tue Mar 20 2012
euclid          218.30.22.142   22    1     14:40:54 ROME Tue Mar 20 2012
eugene          218.30.22.142   22    1     14:41:01 ROME Tue Mar 20 2012


Gateway#sh log | i 218.30.22.142
008443: Mar 20 14:36:58.661 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(33554) -> 0.0.0.0(22), 1 packet  
008444: Mar 20 14:36:59.837 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(33668) -> 0.0.0.0(22), 1 packet  
008445: Mar 20 14:37:01.009 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(33802) -> 0.0.0.0(22), 1 packet  
008446: Mar 20 14:37:02.169 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(33914) -> 0.0.0.0(22), 1 packet  
008447: Mar 20 14:37:03.329 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34054) -> 0.0.0.0(22), 1 packet  
008448: Mar 20 14:37:04.521 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34172) -> 0.0.0.0(22), 1 packet  
008449: Mar 20 14:37:05.713 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34300) -> 0.0.0.0(22), 1 packet  
008450: Mar 20 14:37:06.921 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34431) -> 0.0.0.0(22), 1 packet  
008451: Mar 20 14:37:08.141 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34560) -> 0.0.0.0(22), 1 packet  
008452: Mar 20 14:37:09.329 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34652) -> 0.0.0.0(22), 1 packet  
008453: Mar 20 14:37:10.505 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34800) -> 0.0.0.0(22), 1 packet  
008454: Mar 20 14:37:11.681 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34926) -> 0.0.0.0(22), 1 packet  
008455: Mar 20 14:37:12.868 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35049) -> 0.0.0.0(22), 1 packet  
008456: Mar 20 14:37:14.044 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35139) -> 0.0.0.0(22), 1 packet  
008457: Mar 20 14:37:15.216 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35288) -> 0.0.0.0(22), 1 packet  
008458: Mar 20 14:37:16.384 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35394) -> 0.0.0.0(22), 1 packet  
008459: Mar 20 14:37:17.580 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35543) -> 0.0.0.0(22), 1 packet  
008460: Mar 20 14:37:18.748 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35634) -> 0.0.0.0(22), 1 packet  
008461: Mar 20 14:37:19.908 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35782) -> 0.0.0.0(22), 1 packet  
008462: Mar 20 14:37:21.076 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35874) -> 0.0.0.0(22), 1 packet  
008463: Mar 20 14:37:22.232 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(36017) -> 0.0.0.0(22), 1 packet  
008464: Mar 20 14:37:23.460 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(36133) -> 0.0.0.0(22), 1 packet  
008465: Mar 20 14:37:24.648 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(36265) -> 0.0.0.0(22), 1 packet  
008466: Mar 20 14:37:25.840 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(36362) -> 0.0.0.0(22), 1 packet  
008467: Mar 20 14:37:27.008 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(36498) -> 0.0.0.0(22), 1 packet  
008468: Mar 20 14:37:28.196 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(36626) -> 0.0.0.0(22), 1 packet  
008469: Mar 20 14:37:29.383 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(36778) -> 0.0.0.0(22), 1 packet  
008470: Mar 20 14:37:30.599 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(36857) -> 0.0.0.0(22), 1 packet  
008471: Mar 20 14:37:31.779 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(36977) -> 0.0.0.0(22), 1 packet  
008472: Mar 20 14:37:32.951 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(37086) -> 0.0.0.0(22), 1 packet  
008473: Mar 20 14:37:34.115 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(37250) -> 0.0.0.0(22), 1 packet  
008474: Mar 20 14:37:35.295 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(37362) -> 0.0.0.0(22), 1 packet  
008475: Mar 20 14:37:36.499 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(37487) -> 0.0.0.0(22), 1 packet  
008476: Mar 20 14:37:37.687 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(37602) -> 0.0.0.0(22), 1 packet  
008477: Mar 20 14:37:38.875 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(37743) -> 0.0.0.0(22), 1 packet  
008478: Mar 20 14:37:40.119 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(37874) -> 0.0.0.0(22), 1 packet  
008479: Mar 20 14:37:41.295 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(37999) -> 0.0.0.0(22), 1 packet  
008480: Mar 20 14:37:42.547 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(38112) -> 0.0.0.0(22), 1 packet  
008481: Mar 20 14:37:43.731 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(38221) -> 0.0.0.0(22), 1 packet  
008483: Mar 20 14:37:44.959 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(38347) -> 0.0.0.0(22), 1 packet  
008484: Mar 20 14:37:46.182 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(38497) -> 0.0.0.0(22), 1 packet  
008485: Mar 20 14:37:47.402 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(38604) -> 0.0.0.0(22), 1 packet  
008486: Mar 20 14:37:48.566 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(38726) -> 0.0.0.0(22), 1 packet  
008487: Mar 20 14:37:49.790 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(38866) -> 0.0.0.0(22), 1 packet  
008488: Mar 20 14:37:50.958 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(38998) -> 0.0.0.0(22), 1 packet  
008489: Mar 20 14:37:52.118 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(39110) -> 0.0.0.0(22), 1 packet  
008490: Mar 20 14:37:53.278 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(39226) -> 0.0.0.0(22), 1 packet  
008491: Mar 20 14:37:54.442 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(39350) -> 0.0.0.0(22), 1 packet  
008492: Mar 20 14:37:55.610 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(39462) -> 0.0.0.0(22), 1 packet  
008493: Mar 20 14:37:56.774 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(39589) -> 0.0.0.0(22), 1 packet  
008494: Mar 20 14:37:57.954 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(39702) -> 0.0.0.0(22), 1 packet  
008496: Mar 20 14:38:00.302 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(39951) -> 0.0.0.0(22), 1 packet  
008497: Mar 20 14:38:01.470 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(40065) -> 0.0.0.0(22), 1 packet  
008498: Mar 20 14:38:02.650 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(40182) -> 0.0.0.0(22), 1 packet  
008499: Mar 20 14:38:03.810 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(40328) -> 0.0.0.0(22), 1 packet  
008500: Mar 20 14:38:04.989 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(40447) -> 0.0.0.0(22), 1 packet  
008501: Mar 20 14:38:06.153 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(40565) -> 0.0.0.0(22), 1 packet  
008502: Mar 20 14:38:07.333 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(40655) -> 0.0.0.0(22), 1 packet  
008503: Mar 20 14:38:08.597 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(40813) -> 0.0.0.0(22), 1 packet  
008504: Mar 20 14:38:09.781 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(40925) -> 0.0.0.0(22), 1 packet  
008505: Mar 20 14:38:10.945 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(41053) -> 0.0.0.0(22), 1 packet  
008506: Mar 20 14:38:12.105 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(41167) -> 0.0.0.0(22), 1 packet  
008507: Mar 20 14:38:13.273 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(41303) -> 0.0.0.0(22), 1 packet  
008508: Mar 20 14:38:14.461 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(41409) -> 0.0.0.0(22), 1 packet  
008509: Mar 20 14:38:15.621 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(41550) -> 0.0.0.0(22), 1 packet  
008510: Mar 20 14:38:16.821 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(41691) -> 0.0.0.0(22), 1 packet  
008511: Mar 20 14:38:17.981 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(41808) -> 0.0.0.0(22), 1 packet  
008512: Mar 20 14:38:19.173 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(41901) -> 0.0.0.0(22), 1 packet  
008513: Mar 20 14:38:20.341 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(42035) -> 0.0.0.0(22), 1 packet  
008514: Mar 20 14:38:21.504 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(42157) -> 0.0.0.0(22), 1 packet  
008515: Mar 20 14:38:22.668 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(42280) -> 0.0.0.0(22), 1 packet  
008516: Mar 20 14:38:23.832 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(42398) -> 0.0.0.0(22), 1 packet  
008517: Mar 20 14:38:25.064 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(42526) -> 0.0.0.0(22), 1 packet  
008518: Mar 20 14:38:26.232 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(42630) -> 0.0.0.0(22), 1 packet  
008519: Mar 20 14:38:27.440 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(42785) -> 0.0.0.0(22), 1 packet  
008520: Mar 20 14:38:28.612 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(42908) -> 0.0.0.0(22), 1 packet  
008521: Mar 20 14:38:29.808 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(43009) -> 0.0.0.0(22), 1 packet  
008522: Mar 20 14:38:30.968 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(43125) -> 0.0.0.0(22), 1 packet  
008523: Mar 20 14:38:32.132 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(43233) -> 0.0.0.0(22), 1 packet  
008524: Mar 20 14:38:33.352 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(43400) -> 0.0.0.0(22), 1 packet  
008525: Mar 20 14:38:34.524 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(43504) -> 0.0.0.0(22), 1 packet  
008526: Mar 20 14:38:35.712 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(43626) -> 0.0.0.0(22), 1 packet  
008527: Mar 20 14:38:36.880 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(43733) -> 0.0.0.0(22), 1 packet  
008528: Mar 20 14:38:38.039 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(43881) -> 0.0.0.0(22), 1 packet  
008529: Mar 20 14:38:39.243 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(44018) -> 0.0.0.0(22), 1 packet  
008530: Mar 20 14:38:40.411 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(44112) -> 0.0.0.0(22), 1 packet  
008531: Mar 20 14:38:41.583 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(46980) -> 0.0.0.0(22), 1 packet  
008532: Mar 20 14:38:42.767 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(47131) -> 0.0.0.0(22), 1 packet  
008533: Mar 20 14:38:43.951 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(47222) -> 0.0.0.0(22), 1 packet  
008535: Mar 20 14:38:45.195 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(47368) -> 0.0.0.0(22), 1 packet  
008536: Mar 20 14:38:46.359 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(47527) -> 0.0.0.0(22), 1 packet  
008537: Mar 20 14:38:47.571 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(47625) -> 0.0.0.0(22), 1 packet  
008538: Mar 20 14:38:48.731 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(47747) -> 0.0.0.0(22), 1 packet  
008539: Mar 20 14:38:49.891 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(47879) -> 0.0.0.0(22), 1 packet  
008540: Mar 20 14:38:51.059 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(48027) -> 0.0.0.0(22), 1 packet  
008541: Mar 20 14:38:52.223 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(48126) -> 0.0.0.0(22), 1 packet  
008542: Mar 20 14:38:53.423 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(48249) -> 0.0.0.0(22), 1 packet  
008543: Mar 20 14:38:54.587 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(48357) -> 0.0.0.0(22), 1 packet  
008544: Mar 20 14:38:55.771 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(48511) -> 0.0.0.0(22), 1 packet  
008545: Mar 20 14:38:56.938 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(48605) -> 0.0.0.0(22), 1 packet  
008546: Mar 20 14:38:58.106 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(48740) -> 0.0.0.0(22), 1 packet  
008547: Mar 20 14:38:59.270 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(48881) -> 0.0.0.0(22), 1 packet  
008548: Mar 20 14:39:00.430 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(48993) -> 0.0.0.0(22), 1 packet  
008549: Mar 20 14:39:01.646 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(49102) -> 0.0.0.0(22), 1 packet  
008550: Mar 20 14:39:02.838 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(49266) -> 0.0.0.0(22), 1 packet  
008551: Mar 20 14:39:04.006 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(49374) -> 0.0.0.0(22), 1 packet  
008552: Mar 20 14:39:05.182 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(49483) -> 0.0.0.0(22), 1 packet  
008553: Mar 20 14:39:06.366 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(49599) -> 0.0.0.0(22), 1 packet  
008554: Mar 20 14:39:07.530 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(49741) -> 0.0.0.0(22), 1 packet  
008555: Mar 20 14:39:08.734 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(49859) -> 0.0.0.0(22), 1 packet  
008556: Mar 20 14:39:10.050 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(50012) -> 0.0.0.0(22), 1 packet  
008557: Mar 20 14:39:11.274 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(50123) -> 0.0.0.0(22), 1 packet  
008558: Mar 20 14:39:12.454 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(50253) -> 0.0.0.0(22), 1 packet  
008559: Mar 20 14:39:13.625 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(50379) -> 0.0.0.0(22), 1 packet  
008560: Mar 20 14:39:14.789 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(50495) -> 0.0.0.0(22), 1 packet  
008561: Mar 20 14:39:16.001 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(50632) -> 0.0.0.0(22), 1 packet  
008562: Mar 20 14:39:17.205 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(50747) -> 0.0.0.0(22), 1 packet  
008563: Mar 20 14:39:18.405 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(50869) -> 0.0.0.0(22), 1 packet  
008564: Mar 20 14:39:19.609 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(50973) -> 0.0.0.0(22), 1 packet  
008565: Mar 20 14:39:20.825 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(51134) -> 0.0.0.0(22), 1 packet  
008566: Mar 20 14:39:22.021 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(51249) -> 0.0.0.0(22), 1 packet  
008567: Mar 20 14:39:23.225 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(51358) -> 0.0.0.0(22), 1 packet  
008568: Mar 20 14:39:24.397 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(51489) -> 0.0.0.0(22), 1 packet  
008569: Mar 20 14:39:25.577 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(51604) -> 0.0.0.0(22), 1 packet  
008570: Mar 20 14:39:26.817 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(51737) -> 0.0.0.0(22), 1 packet  
008571: Mar 20 14:39:28.053 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(51856) -> 0.0.0.0(22), 1 packet  
008572: Mar 20 14:39:29.265 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(51986) -> 0.0.0.0(22), 1 packet  
008573: Mar 20 14:39:30.480 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(52098) -> 0.0.0.0(22), 1 packet  
008575: Mar 20 14:39:32.912 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(52351) -> 0.0.0.0(22), 1 packet  
008576: Mar 20 14:39:34.188 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(52508) -> 0.0.0.0(22), 1 packet  
008577: Mar 20 14:39:35.400 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(52628) -> 0.0.0.0(22), 1 packet  
008578: Mar 20 14:39:36.644 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(52757) -> 0.0.0.0(22), 1 packet  
008579: Mar 20 14:39:37.864 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(52880) -> 0.0.0.0(22), 1 packet  
008580: Mar 20 14:39:39.096 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(53002) -> 0.0.0.0(22), 1 packet  
008581: Mar 20 14:39:40.352 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(53130) -> 0.0.0.0(22), 1 packet  
008582: Mar 20 14:39:41.576 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(53248) -> 0.0.0.0(22), 1 packet  
008583: Mar 20 14:39:42.808 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(53372) -> 0.0.0.0(22), 1 packet  
008585: Mar 20 14:39:44.048 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(53508) -> 0.0.0.0(22), 1 packet  
008586: Mar 20 14:39:45.240 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(53621) -> 0.0.0.0(22), 1 packet  
008587: Mar 20 14:39:46.416 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(53761) -> 0.0.0.0(22), 1 packet  
008588: Mar 20 14:39:47.584 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(53894) -> 0.0.0.0(22), 1 packet  
008589: Mar 20 14:39:48.759 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(53991) -> 0.0.0.0(22), 1 packet  
008592: Mar 20 14:39:52.251 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(54346) -> 0.0.0.0(22), 1 packet  
008593: Mar 20 14:39:53.419 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(54468) -> 0.0.0.0(22), 1 packet  
008594: Mar 20 14:39:54.583 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(54592) -> 0.0.0.0(22), 1 packet  
008595: Mar 20 14:39:55.775 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(54735) -> 0.0.0.0(22), 1 packet  
008596: Mar 20 14:39:56.931 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(54817) -> 0.0.0.0(22), 1 packet  
008597: Mar 20 14:39:58.103 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(54955) -> 0.0.0.0(22), 1 packet  
008598: Mar 20 14:39:59.271 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(55123) -> 0.0.0.0(22), 1 packet  
008599: Mar 20 14:40:00.447 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(55211) -> 0.0.0.0(22), 1 packet  
008600: Mar 20 14:40:01.615 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(55302) -> 0.0.0.0(22), 1 packet  
008601: Mar 20 14:40:02.803 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(55448) -> 0.0.0.0(22), 1 packet  
008602: Mar 20 14:40:03.991 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(55603) -> 0.0.0.0(22), 1 packet  
008603: Mar 20 14:40:05.154 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(55686) -> 0.0.0.0(22), 1 packet  
008604: Mar 20 14:40:06.318 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(55819) -> 0.0.0.0(22), 1 packet  
008605: Mar 20 14:40:07.574 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(55956) -> 0.0.0.0(22), 1 packet  
008606: Mar 20 14:40:08.762 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(56079) -> 0.0.0.0(22), 1 packet  
008607: Mar 20 14:40:09.970 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(56190) -> 0.0.0.0(22), 1 packet  
008608: Mar 20 14:40:11.186 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(56356) -> 0.0.0.0(22), 1 packet  
008609: Mar 20 14:40:12.362 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(56464) -> 0.0.0.0(22), 1 packet  
008610: Mar 20 14:40:13.558 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(56554) -> 0.0.0.0(22), 1 packet  
008611: Mar 20 14:40:14.746 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(56654) -> 0.0.0.0(22), 1 packet  
008612: Mar 20 14:40:15.906 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(56835) -> 0.0.0.0(22), 1 packet  
008613: Mar 20 14:40:17.090 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(56945) -> 0.0.0.0(22), 1 packet  
008614: Mar 20 14:40:18.270 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(57034) -> 0.0.0.0(22), 1 packet  
008615: Mar 20 14:40:19.438 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(57117) -> 0.0.0.0(22), 1 packet  
008616: Mar 20 14:40:20.690 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(57293) -> 0.0.0.0(22), 1 packet  
008617: Mar 20 14:40:21.898 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(57430) -> 0.0.0.0(22), 1 packet  
008618: Mar 20 14:40:23.069 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(57519) -> 0.0.0.0(22), 1 packet  
008619: Mar 20 14:40:24.249 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(57625) -> 0.0.0.0(22), 1 packet  
008620: Mar 20 14:40:25.469 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(57766) -> 0.0.0.0(22), 1 packet  
008621: Mar 20 14:40:26.649 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(57883) -> 0.0.0.0(22), 1 packet  
008622: Mar 20 14:40:27.893 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(57984) -> 0.0.0.0(22), 1 packet  
008623: Mar 20 14:40:29.141 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(58141) -> 0.0.0.0(22), 1 packet  
008624: Mar 20 14:40:30.345 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(58265) -> 0.0.0.0(22), 1 packet  
008625: Mar 20 14:40:31.545 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(58369) -> 0.0.0.0(22), 1 packet  
008626: Mar 20 14:40:32.745 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(58470) -> 0.0.0.0(22), 1 packet  
008627: Mar 20 14:40:33.929 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(58640) -> 0.0.0.0(22), 1 packet  
008628: Mar 20 14:40:35.109 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(58755) -> 0.0.0.0(22), 1 packet  
008629: Mar 20 14:40:36.293 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(58843) -> 0.0.0.0(22), 1 packet  
008630: Mar 20 14:40:37.465 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(58936) -> 0.0.0.0(22), 1 packet  
008631: Mar 20 14:40:38.685 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(59083) -> 0.0.0.0(22), 1 packet  
008632: Mar 20 14:40:39.884 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(59224) -> 0.0.0.0(22), 1 packet  
008633: Mar 20 14:40:41.056 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(59348) -> 0.0.0.0(22), 1 packet  
008636: Mar 20 14:41:08.211 ROME: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 93 secs, [user: europe] [Source: 218.30.22.142] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 14:41:08 ROME Tue Mar 20 2012
008637: Mar 20 14:41:08.715 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(33867) -> 0.0.0.0(22), 1 packet  
008638: Mar 20 14:41:09.983 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(33984) -> 0.0.0.0(22), 1 packet  
008639: Mar 20 14:41:11.195 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34105) -> 0.0.0.0(22), 1 packet  
008640: Mar 20 14:41:12.359 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34230) -> 0.0.0.0(22), 1 packet  
008641: Mar 20 14:41:13.535 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34360) -> 0.0.0.0(22), 1 packet  
008642: Mar 20 14:41:14.738 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34460) -> 0.0.0.0(22), 1 packet  
008643: Mar 20 14:41:15.946 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34604) -> 0.0.0.0(22), 1 packet  
008644: Mar 20 14:41:17.114 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34766) -> 0.0.0.0(22), 1 packet  
008645: Mar 20 14:41:18.298 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34853) -> 0.0.0.0(22), 1 packet  
008646: Mar 20 14:41:19.498 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(34952) -> 0.0.0.0(22), 1 packet  

More info on this IP:

Code: Select all

anubisg1@linux-dpnd:~> whois 218.30.22.142
% [whois.apnic.net node-5]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:        218.30.20.0 - 218.30.24.255
netname:        CHINANET-IDC-XA
descr:          CHINANET IDC center
descr:          China Telecom
descr:          A12,Xin-Jie-Kou-Wai Street
descr:          Beijing 100088
country:        CN
admin-c:        CH93-AP
tech-c:         CH93-AP
mnt-by:         MAINT-CHINANET
changed:        [email protected] 20010731
status:         ALLOCATED NON-PORTABLE
source:         APNIC

person:         Chinanet Hostmaster
nic-hdl:        CH93-AP
e-mail:         [email protected]
address:        No.31 ,jingrong street,beijing
address:        100032
phone:          +86-10-58501724
fax-no:         +86-10-58501724
country:        CN
changed:        [email protected] 20070416
mnt-by:         MAINT-CHINANET
source:         APNIC

For now, I have "worked around" the problem with an access list:

Code: Select all

Gateway#sh access-lists 100
Extended IP access list 100
    10 deny tcp host 218.30.22.142 any (743 matches)
    20 permit tcp 10.0.0.0 0.255.255.255 any eq telnet
    30 permit tcp 192.168.0.0 0.0.0.255 any eq telnet
    40 permit tcp any any eq 22
    50 deny tcp any any log

Gateway#sh run | s line vty
line vty 0 4
 access-class 100 in
 exec-timeout 15 0
 logging synchronous
 transport input telnet ssh

For now it works, and while I am writing this the guy keeps going...

Code: Select all

Gateway#sh access-list 100
Extended IP access list 100
    10 deny tcp host 218.30.22.142 any (940 matches)
    20 permit tcp 10.0.0.0 0.255.255.255 any eq telnet
    30 permit tcp 192.168.0.0 0.0.0.255 any eq telnet
    40 permit tcp any any eq 22
    50 deny tcp any any log
Gateway#sh clock          
14:51:31.779 ROME Tue Mar 20 2012
Gateway#sh access-list 100
Extended IP access list 100
    10 deny tcp host 218.30.22.142 any (950 matches)
    20 permit tcp 10.0.0.0 0.255.255.255 any eq telnet
    30 permit tcp 192.168.0.0 0.0.0.255 any eq telnet
    40 permit tcp any any eq 22
    50 deny tcp any any log
Gateway#sh clock          
14:51:35.663 ROME Tue Mar 20 2012
Gateway#sh access-list 100
Extended IP access list 100
    10 deny tcp host 218.30.22.142 any (960 matches)
    20 permit tcp 10.0.0.0 0.255.255.255 any eq telnet
    30 permit tcp 192.168.0.0 0.0.0.255 any eq telnet
    40 permit tcp any any eq 22
    50 deny tcp any any log

I think that access list is only a palliative, because the guy could change IP at any moment.. ideas?
Last edited by anubisg1 on Tue 20 Mar, 2012 4:02 pm, edited 2 times in total.
Cisco CCIE #46985
CCNP R&S, CCNA Wireless and Security
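An added example, not part of the original post: a Python parser for `%SEC-6-IPACCESSLOGP` lines in the format logged above, which groups denied packets by source and flags steady, many-source-port hammering of one port. The list name `sl_def_acl` is the default ACL that IOS applies while `login block-for` quiet mode is active, so hits on it mean every login source, the administrator included, is being refused. The sample log is constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Default ACL name IOS uses during "login block-for" quiet mode
QUIET_ACL = "sl_def_acl"

LINE_RE = re.compile(
    r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\.(?P<ms>\d{3})\s+\S+:\s+"
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

# Constructed sample in the router's log format (the year is not logged).
SAMPLE_LOG = """\
000101: Mar 20 14:41:20.000 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35069) -> 0.0.0.0(22), 1 packet
000102: Mar 20 14:41:21.200 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35214) -> 0.0.0.0(22), 1 packet
000103: Mar 20 14:41:22.400 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35346) -> 0.0.0.0(22), 1 packet
000104: Mar 20 14:41:23.600 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35456) -> 0.0.0.0(22), 1 packet
000105: Mar 20 14:41:24.800 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35556) -> 0.0.0.0(22), 1 packet
000106: Mar 20 14:41:26.000 ROME: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 218.30.22.142(35677) -> 0.0.0.0(22), 1 packet
000107: Mar 20 14:41:30.000 ROME: %SEC-6-IPACCESSLOGP: list 100 denied tcp 198.51.100.7(50100) -> 0.0.0.0(23), 1 packet
000108: Mar 20 14:49:10.000 ROME: %SEC-6-IPACCESSLOGP: list 100 denied tcp 198.51.100.7(50422) -> 0.0.0.0(23), 1 packet
000109: Mar 20 14:50:00.000 ROME: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
"""


def parse_line(line, year=2012):
    """Return one ACL log event as a dict, or None for any other line."""
    m = LINE_RE.search(line)
    if m is None or m["mon"] not in MONTHS:
        return None
    when = datetime(year, MONTHS[m["mon"]], int(m["day"]), int(m["h"]),
                    int(m["m"]), int(m["s"]), int(m["ms"]) * 1000)
    return {"time": when, "acl": m["acl"], "action": m["action"],
            "proto": m["proto"], "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "packets": int(m["pkts"])}


def summarize(lines, year=2012):
    """Group denied packets by (source IP, destination port)."""
    groups = defaultdict(list)
    for line in lines:
        ev = parse_line(line, year)
        if ev and ev["action"] == "denied":
            groups[(ev["src"], ev["dport"])].append(ev)
    report = {}
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["time"])
        span = (evs[-1]["time"] - evs[0]["time"]).total_seconds()
        report[key] = {
            "hits": sum(e["packets"] for e in evs),
            "span_s": span,
            # Mean time between log entries; None when there is only one.
            "mean_gap_s": span / (len(evs) - 1) if len(evs) > 1 else None,
            # A new source port per entry means a new TCP connection each time.
            "src_ports": len({e["sport"] for e in evs}),
            "acls": sorted({e["acl"] for e in evs}),
        }
    return report


def flag_sources(report, min_hits=5, max_mean_gap_s=5.0):
    """Sources that keep opening new connections to one port at a steady pace."""
    flagged = []
    for (src, dport), r in report.items():
        steady = r["mean_gap_s"] is not None and r["mean_gap_s"] <= max_mean_gap_s
        if r["hits"] >= min_hits and steady and r["src_ports"] > 1:
            flagged.append({"src": src, "dport": dport,
                            "quiet_mode": QUIET_ACL in r["acls"], **r})
    return sorted(flagged, key=lambda f: -f["hits"])


if __name__ == "__main__":
    for f in flag_sources(summarize(SAMPLE_LOG.splitlines())):
        print(f"{f['src']} -> port {f['dport']}: {f['hits']} denied, "
              f"one every {f['mean_gap_s']:.1f}s, "
              f"quiet mode active: {f['quiet_mode']}")
```
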
anubisg1

The guy keeps going:

Code: Select all

Gateway#sh access-list 100
Extended IP access list 100
    10 deny tcp host 218.30.22.142 any (1510 matches)
    20 permit tcp 10.0.0.0 0.255.255.255 any eq telnet
    30 permit tcp 192.168.0.0 0.0.0.255 any eq telnet
    40 permit tcp any any eq 22
    50 deny tcp any any log
Gateway# sh clock         
14:55:29.741 ROME Tue Mar 20 2012

Here is an nmap scan:

Code: Select all

linux-dpnd:~ # nmap -v -A 218.30.22.142

Starting Nmap 5.61TEST2 ( http://nmap.org ) at 2012-03-20 14:53 CET
NSE: Loaded 72 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 14:53
Scanning 218.30.22.142 [4 ports]
Completed Ping Scan at 14:53, 0.41s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:53
Completed Parallel DNS resolution of 1 host. at 14:53, 0.03s elapsed
Initiating SYN Stealth Scan at 14:53
Scanning 218.30.22.142 [1000 ports]
Discovered open port 110/tcp on 218.30.22.142
Discovered open port 22/tcp on 218.30.22.142
Discovered open port 25/tcp on 218.30.22.142
Discovered open port 111/tcp on 218.30.22.142
Discovered open port 995/tcp on 218.30.22.142
Discovered open port 993/tcp on 218.30.22.142
Discovered open port 80/tcp on 218.30.22.142
Discovered open port 3306/tcp on 218.30.22.142
Discovered open port 143/tcp on 218.30.22.142
Discovered open port 443/tcp on 218.30.22.142
Discovered open port 617/tcp on 218.30.22.142
Completed SYN Stealth Scan at 14:53, 7.08s elapsed (1000 total ports)
Initiating Service scan at 14:53
Scanning 11 services on 218.30.22.142
Completed Service scan at 14:54, 27.37s elapsed (11 services on 1 host)
Initiating RPCGrind Scan against 218.30.22.142 at 14:54
Completed RPCGrind Scan against 218.30.22.142 at 14:54, 6.10s elapsed (2 ports)
Initiating OS detection (try #1) against 218.30.22.142
Retrying OS detection (try #2) against 218.30.22.142
Initiating Traceroute at 14:54
Completed Traceroute at 14:54, 3.25s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 14:54
Completed Parallel DNS resolution of 16 hosts. at 14:54, 6.43s elapsed
NSE: Script scanning 218.30.22.142.
Initiating NSE at 14:54
Completed NSE at 14:54, 6.05s elapsed
Nmap scan report for 218.30.22.142
Host is up (0.45s latency).
Not shown: 988 closed ports
PORT     STATE    SERVICE              VERSION
22/tcp   open     ssh                  OpenSSH 4.3 (protocol 2.0)
| ssh-hostkey: 1024 88:d0:35:55:29:95:d7:13:75:a1:fd:42:72:30:10:46 (DSA)
|_2048 7a:d5:7f:3e:6f:76:f1:a3:a7:3c:a4:85:12:80:fa:b2 (RSA)
25/tcp   open     smtp                 Sendmail 8.13.8/8.13.8
| smtp-commands: localhost.localdomain Hello ip-78-102-64-245.net.upcbroadband.cz [78.102.64.245], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, 8BITMIME, SIZE, DSN, ETRN, AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN, DELIVERBY, HELP, 
|_ 2.0.0 This is sendmail 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the implementation see 2.0.0 http://www.sendmail.org/email-addresses.html 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info 
80/tcp   open     http                 Apache httpd 2.2.3 ((CentOS))
|_http-methods: No Allow or Public header in OPTIONS response (status code 301)
| http-robots.txt: 22 disallowed entries (15 shown)
| /api/ /data/ /source/ /install/ /template/ /config/ 
| /uc_client/ /uc_server/ /static/ /admin.php /search.php 
|_/member.php /api.php /misc.php /connect.php
|_http-favicon: Unknown favicon MD5: C028C4822428E83A358C60A93EF65381
| http-title:  \xE0\xCB\xBF\xCD\xCD\xF8 - 
|_Requested resource was http://218.30.22.142/home.php
110/tcp  open     pop3                 Dovecot pop3d
|_pop3-capabilities: USER CAPA UIDL TOP OK(K) RESP-CODES PIPELINING STLS SASL(PLAIN)
111/tcp  open     rpcbind (rpcbind V2) 2 (rpc #100000)
| rpcinfo: 
|   program version   port/proto  service
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100024  1            614/udp  status
|_  100024  1            617/tcp  status
143/tcp  open     imap                 Dovecot imapd
|_imap-capabilities: LOGIN-REFERRALS completed AUTH=PLAINA0001 OK Capability UNSELECT THREAD=REFERENCES STARTTLS IMAP4rev1 NAMESPACE SORT CHILDREN LITERAL+ IDLE SASL-IR MULTIAPPEND
179/tcp  filtered bgp
443/tcp  open     ssl/http             Apache httpd 2.2.3 ((CentOS))
| ssl-cert: Subject: commonName=centos142/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
| Issuer: commonName=centos142/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2010-08-10 09:39:10
| Not valid after:  2011-08-10 09:39:10
| MD5:   36cc c5eb 8f86 40e3 187e fb7a 9452 5104
|_SHA-1: c484 0c65 c16d 29f6 7b6d 60b9 2144 9e6f 8f11 96bf
| http-methods: GET HEAD POST OPTIONS TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Apache HTTP Server Test Page powered by CentOS
617/tcp  open     status (status V1)   1 (rpc #100024)
993/tcp  open     ssl/imap             Dovecot imapd
|_sslv2: server still supports SSLv2
| ssl-cert: Subject: commonName=imap.example.com
| Issuer: commonName=imap.example.com
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2010-12-20 07:11:44
| Not valid after:  2011-12-20 07:11:44
| MD5:   7277 43be 16bc 1249 bca2 19fb 191f 5feb
|_SHA-1: 4d21 0437 7bb3 ab70 ba38 d6f4 da61 d971 2ea9 fe30
|_imap-capabilities: LOGIN-REFERRALS completed OK Capability UNSELECT THREAD=REFERENCES AUTH=PLAINA0001 IMAP4rev1 NAMESPACE SORT CHILDREN LITERAL+ IDLE SASL-IR MULTIAPPEND
995/tcp  open     ssl/pop3             Dovecot pop3d
|_sslv2: server still supports SSLv2
| ssl-cert: Subject: commonName=imap.example.com
| Issuer: commonName=imap.example.com
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2010-12-20 07:11:44
| Not valid after:  2011-12-20 07:11:44
| MD5:   7277 43be 16bc 1249 bca2 19fb 191f 5feb
|_SHA-1: 4d21 0437 7bb3 ab70 ba38 d6f4 da61 d971 2ea9 fe30
|_pop3-capabilities: OK(K) CAPA RESP-CODES UIDL PIPELINING USER TOP SASL(PLAIN)
3306/tcp open     mysql                MySQL 5.0.95
| mysql-info: Protocol: 10
| Version: 5.0.95
| Thread ID: 7845
| Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection
| Status: Autocommit
|_Salt: YxpIZi$s9ba?UoO}H/S2
Device type: general purpose|PBX|printer|WAP
Running (JUST GUESSING): Linux 2.6.X|2.4.X (97%), HP embedded (91%), Linksys embedded (91%), Citrix Linux 2.6.X (91%)
OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.6.18 cpe:/o:linux:kernel:2.4 cpe:/o:citrix:linux:2.6
Aggressive OS guesses: Linux 2.6.9 - 2.6.30 (97%), Linux 2.6.22 - 2.6.23 (96%), Linux 2.6.23 (95%), Linux 2.6.9 - 2.6.18 (94%), Linux 2.6.24 - 2.6.36 (94%), Linux 2.6.9 - 2.6.24 (94%), Linux 2.6.9 - 2.6.31 (94%), Linux 2.6.13 - 2.6.31 (94%), Linux 2.6.18 (94%), Linux 2.6.9 (94%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 27.067 days (since Wed Feb 22 13:18:58 2012)
Network Distance: 18 hops
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: localhost.localdomain; OS: Unix

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   1.75 ms   192.168.0.1
2   ...
3   11.21 ms  ip-86-49-52-129.net.upcbroadband.cz (86.49.52.129)
4   12.98 ms  ip-81-27-201-33.net.upcbroadband.cz (81.27.201.33)
5   194.13 ms 84.116.221.37
6   194.49 ms de-fra03a-rd1-xe-2-1-0.aorta.net (213.46.160.41)
7   215.86 ms 84.116.132.81
8   113.52 ms 84.116.137.34
9   187.76 ms 84.116.137.38
10  189.66 ms 213-46-190-218.aorta.net (213.46.190.218)
11  188.05 ms 202.97.50.53
12  391.51 ms 202.97.51.65
13  411.56 ms 202.97.53.241
14  412.47 ms 202.97.53.145
15  422.34 ms 202.97.65.38
16  424.02 ms 218.30.19.202
17  ...
18  435.31 ms 218.30.22.142

NSE: Script Post-scanning.
Initiating NSE at 14:54
Completed NSE at 14:54, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 68.78 seconds
           Raw packets sent: 1072 (48.552KB) | Rcvd: 1066 (45.038KB)
Cisco CCIE #46985
CCNP R&S, CCNA Wireless and Security

anubisg1

for now it seems to have stopped...

the question is the same.. what do you recommend doing??

Code:

Gateway#sh access-list 100    
Extended IP access list 100
    10 deny tcp host 218.30.22.142 any (2034 matches)
    20 permit tcp 10.0.0.0 0.255.255.255 any eq telnet
    30 permit tcp 192.168.0.0 0.0.0.255 any eq telnet
    40 permit tcp any any eq 22
    50 deny tcp any any log
Gateway# sh clock             
15:04:19.706 ROME Tue Mar 20 2012
Gateway#sh access-list 100
Extended IP access list 100
    10 deny tcp host 218.30.22.142 any (2034 matches)
    20 permit tcp 10.0.0.0 0.255.255.255 any eq telnet
    30 permit tcp 192.168.0.0 0.0.0.255 any eq telnet
    40 permit tcp any any eq 22
    50 deny tcp any any log

anubisg1

I've added these config lines for now.. I don't know if it's enough..

Code:

security authentication failure rate 5 log
login block-for 240 attempts 4 within 120
login delay 2
login quiet-mode access-class 20

Gateway#sh access-list 20
Standard IP access list 20
    10 permit 192.168.0.8
Gateway#sh login
     A login delay of 2 seconds is applied.
     Quiet-Mode access list 20 is applied.

     Router enabled to watch for login Attacks.
     If more than 4 login failures occur in 120 seconds or less,
     logins will be disabled for 240 seconds.

     Router presently in Normal-Mode.
     Current Watch Window
         Time remaining: 30 seconds.
         Login failures for current window: 0.
     Total login failures: 74.

this way, if I try to connect from my PC I should never be locked out. I've also decided to log all "successful" logins and I'm thinking of setting up a syslog server

Rizio
Messianic Network master
Posts: 1158
Joined: Fri 12 Oct 2007 2:48 pm

I don't know if it's possible on routers, but the best thing is always to change the default port the SSH server listens on. Try to find out whether it's possible, I'm interested in this too :)

Because otherwise, as far as I know, an ACL like the one you've set up is sufficient; then let's also wait for answers from those better versed in security (e.g. good old Ghira ;) )

Rizio
Si vis pacem para bellum

anubisg1

yes yes.. that's perfectly doable:

Code:

ip ssh port ?
  <2000-10000>  Starting Port number

to log successful logins, this command is enough

Code:

login on-success log

let's see.. let's see... for now it has stopped..

anubisg1

to recap.. here's my current config (the parts that matter to us)

Code:

Gateway#sh run | i aaa|login|ssh|security
security authentication failure rate 5 log
aaa new-model
aaa authentication login default group radius local enable
aaa authorization exec default group radius if-authenticated 
aaa accounting exec default start-stop group radius
aaa accounting system default start-stop group radius
aaa session-id common
login block-for 240 attempts 4 within 120
login delay 2
login quiet-mode access-class 20
login on-success log
ip ssh time-out 60
ip ssh version 2

Gateway#sh run | s line vty
line vty 0 4
 access-class 100 in
 exec-timeout 15 0
 logging synchronous
 transport input telnet ssh


Gateway#sh access-lists 20
Standard IP access list 20
    10 permit 192.168.0.8

Gateway#sh access-lists 100
Extended IP access list 100
    10 deny tcp host 218.30.22.142 any (2034 matches)
    20 permit tcp 10.0.0.0 0.255.255.255 any eq telnet
    30 permit tcp 192.168.0.0 0.0.0.255 any eq telnet (3 matches)
    40 permit tcp any any eq 22 (42 matches)
    50 deny tcp any any log

Rizio

anubisg1 wrote: yes yes.. that's perfectly doable:

Code:

ip ssh port ?
  <2000-10000>  Starting Port number

Then all you need to do is move the SSH server to listen on another port, preferably an "odd" one.
The ones pestering your router are just programmed bots, and they only try port 22 with the classic usernames and passwords (e.g. admin admin, root root, etc. etc.).
If you move the port you cut them all off completely, without them even passing Go.

Trust me, I normally do this on servers and I live very, very happily :D

Rizio

Rizio wrote:
anubisg1 wrote: yes yes.. that's perfectly doable:

Code:

ip ssh port ?
  <2000-10000>  Starting Port number

Then all you need to do is move the SSH server to listen on another port, preferably an "odd" one.
The ones pestering your router are just programmed bots, and they only try port 22 with the classic usernames and passwords (e.g. admin admin, root root, etc. etc.).
If you move the port you cut them all off completely, without them even passing Go.

Trust me, I normally do this on servers and I live very, very happily :D

You're sure, though, that you're not looking at the command for OUTBOUND SSH connections, right!?

ghira
Holy network Shaman
Posts: 668
Joined: Wed 30 Mar 2011 5:25 pm

Is it really necessary to be able to get into this router from anywhere in the world? That seems unlikely to me.

You could take a look at http://www.portknocking.org/

or http://home.nuug.no/~peter/pf/

anubisg1

ghira wrote: Is it really necessary to be able to get into this router from anywhere in the world? That seems unlikely to me.

You could take a look at http://www.portknocking.org/

or http://home.nuug.no/~peter/pf/

I was also thinking of blocking the Chinese IP range.. as for the rest, I connect from IPs in the US (from my office we go out through there) and from Italian and Czech Republic IPs

ghira
do you use "ip verify unicast source reachable-via rx allow-default"?

you could use EEM (or something similar) to add static routes
to null0 for addresses that fail too many times (and use kron to
delete these static routes after a few hours, if you like).

the problem is that you could end up with a very large number of static routes.

maybe you could do something with tcp intercept - but it doesn't seem so, because
that's for a different kind of problem, perhaps.
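
The idea discussed above, blocking sources that fail too many times, sketched off-box in Python as an added example (not part of the thread and not code from any participant). It parses `sh login failures` output in the layout posted at the top of the thread, never blocks the management host from ACL 20, and renders deny entries in the style of ACL 100; the function names, the default threshold and the sequence numbers starting at 11 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the column layout of `sh login failures` from the first post;
# the last row (a failed login from the admin PC in ACL 20) is invented for the example.
SAMPLE = """\
Username        SourceIPAddr    lPort Count TimeStamp
4test           218.30.22.142   22    1     13:16:20 ROME Tue Mar 20 2012
a               218.30.22.142   22    2     13:25:20 ROME Tue Mar 20 2012
peoria          218.30.22.142   22    3     13:34:14 ROME Tue Mar 20 2012
admin           192.168.0.8     22    1     14:02:11 ROME Tue Mar 20 2012
"""

ROW = re.compile(r"^(?P<user>.*?)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"(?P<port>\d+)\s+(?P<count>\d+)\s+\S")

def parse_failures(text):
    """Return (username, source_ip, local_port, count) for each data row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, banner or blank line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # dotted quad that is not a valid address
        rows.append((m["user"].strip(), ip, int(m["port"]), int(m["count"])))
    return rows

def offenders(rows, threshold=4, trusted=("192.168.0.8/32",)):
    """Total failures per source, skipping trusted hosts so they are never blocked."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    totals = Counter()
    for _user, ip, _port, count in rows:
        if not any(ip in n for n in nets):
            totals[ip] += count
    return {ip: n for ip, n in totals.items() if n > threshold}

def acl_entries(bad, acl=100, first_seq=11):
    """Render deny lines in the thread's ACL 100 style (sequence numbers assumed free)."""
    lines = [f"ip access-list extended {acl}"]
    for seq, ip in enumerate(sorted(bad), start=first_seq):
        lines.append(f" {seq} deny tcp host {ip} any")
    return lines

if __name__ == "__main__":
    print("\n".join(acl_entries(offenders(parse_failures(SAMPLE)))))
```

The entries are numbered below 40 so that they are evaluated before the `permit tcp any any eq 22` line of ACL 100.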

anubisg1

ghira wrote: do you use "ip verify unicast source reachable-via rx allow-default"?

you could use EEM (or something similar) to add static routes
to null0 for addresses that fail too many times (and use kron to
delete these static routes after a few hours, if you like).

the problem is that you could end up with a very large number of static routes.

maybe you could do something with tcp intercept - but it doesn't seem so, because
that's for a different kind of problem, perhaps.

no, I don't have any of that.. I don't know what it is :/

when it comes to security I'm practically at 0..

ghira

anubisg1 wrote:

no, I don't have any of that.. I don't know what it is :/

when it comes to security I'm practically at 0..

Your router _will have_ verify unicast etc. and EEM (and so on). Note: so far
I've used EEM only once. But on Extreme switches I've used
similar stuff. Read up on EEM. It's one of those things that can
do almost anything.

rain3
Network Emperor
Posts: 266
Joined: Thu 31 Jul 2008 4:55 pm
Location: Battipaglia (SA)

On Linux I often use port knocking; can it be done on Cisco? I've never looked for info.
CCNA 640-802
CCNP SWITCH 642-813