Over 1000+ lines in /var/log/messages

noqqkk

Found below same messages (Over 1000+ lines) in /var/log/messages (Centos).

What is this and what should I do. Many thanks.

web kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=00:16:3e:50:99:e0:00:15:c7:26:3b:00:08:00 SRC=116.31.116.30 DST=MY-IP-ADDRESS LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=18318 DF PROTO=TCP SPT=58125 DPT=22 WINDOW=29200 R$$9200 RES=0x00 SYN URGP=0

jar

Remove the directives for logging firewall hits from your iptables config.

seriesn

Traffic from 116.31.116.30 was blocked for port22.

@noqqkk said:
Found below same messages (Over 1000+ lines) in /var/log/messages (Centos).

What is this and what should I do. Many thanks.

web kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=00:16:3e:50:99:e0:00:15:c7:26:3b:00:08:00 SRC=116.31.116.30 DST=MY-IP-ADDRESS LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=18318 DF PROTO=TCP SPT=58125 DPT=22 WINDOW=29200 R$$9200 RES=0x00 SYN URGP=0

rincewind

Someone is trying to break-in to your server by brute-forcing SSH.

Install ufw and run ufw limit ssh.

Install fail2ban

Use Stribika's tutorial to secure your SSH configuration.

century1stop

only a thousand lines..............

Jarry

When you are logging this, use "limit" module (i.e. "-m limit --limit 3/minute -j LOG"). Otherwise you could fill up your log-partition quickly.

But personally I simply moved ssh to different port, and I do not log this at all. Instead I'm using ipsets and move there every source-ip trying to open connection to closed port.

noqqkk

Many thanks for your help