Ubuntu: Strange SSHD connections



Question:

I have a strange SSHD connection from 116.31.116.41:55439; it's China Telecom. Does someone know how to block it?

sshd    16016   root    3u  IPv4 4649469      0t0  TCP 104.XX.XX.XX:ssh->116.31.116.41:55439 (ESTABLISHED)
sshd    16017   sshd    3u  IPv4 4649469      0t0  TCP 104.XX.XX.XX:ssh->116.31.116.41:55439 (ESTABLISHED)

inetnum:    116.16.0.0 - 116.31.255.255
netname:    CHINANET-GD
descr:  CHINANET Guangdong province network
descr:  China Telecom
descr:  No.31,jingrong street


Solution:1

You can simply enable UFW. You can find more about UFW here.

sudo ufw enable  

When you enable ufw without any allow rule, everything is denied.

The complete command for a rule in ufw is

sudo ufw [--dry-run] [delete] [insert NUM]  allow|deny|reject|limit  [in|out on INTERFACE] [log|log-all] [proto protocol] [from ADDRESS [port PORT]][to ADDRESS [port PORT]]  

Based on this rule template you can allow from xxx.xxx.xxx.xxx on port 22 with this rule

for specific host

sudo ufw allow proto tcp from xxx.xxx.xxx.xxx to any port 22  

if you want to allow anyone to access your web server

sudo ufw allow proto tcp from any to any port 80  

if you wish to allow access from specific network

sudo ufw allow proto tcp from xxx.xxx.xxx.xxx/yy to any port 80  

where

xxx.xxx.xxx.xxx - represents the network IP

yy - represents the network mask

If you have a DNS service on the server, make rules for port 53 with proto tcp and proto udp.

sudo ufw allow proto tcp from xxx.xxx.xxx.xxx/yy to any port 53
sudo ufw allow proto udp from xxx.xxx.xxx.xxx/yy to any port 53
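Applied to the connection in the question, as an added example that is not part of the original answer: this script reads lsof-style lines, extracts the remote peers of sshd, and prints ufw commands built from the rule template above, without running them. The function names, the trusted admin address 198.51.100.7 and the last two sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build ufw rules from sshd connections listed by lsof.

# First two lines are the lsof output from the question; the last two are
# constructed (198.51.100.7 is a documentation address standing in for the admin).
sample_lsof() {
cat <<'EOF'
sshd    16016   root    3u  IPv4 4649469      0t0  TCP 104.XX.XX.XX:ssh->116.31.116.41:55439 (ESTABLISHED)
sshd    16017   sshd    3u  IPv4 4649469      0t0  TCP 104.XX.XX.XX:ssh->116.31.116.41:55439 (ESTABLISHED)
sshd    17001   root    3u  IPv4 4650001      0t0  TCP 104.XX.XX.XX:ssh->198.51.100.7:40122 (ESTABLISHED)
sshd      900   root    3u  IPv4   11111      0t0  TCP *:ssh (LISTEN)
EOF
}

# ssh_peers: read lsof lines on stdin, print each unique remote IPv4 peer of sshd.
ssh_peers() {
  awk '$1 == "sshd" && $NF == "(ESTABLISHED)" {
         n = split($(NF-1), ends, "->")        # local->remote
         if (n != 2) next
         sub(/:[0-9]+$/, "", ends[2])           # drop the remote port
         if (ends[2] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[ends[2]]++)
           print ends[2]
       }'
}

# deny_rules TRUSTED_IP: print commands that keep SSH open for TRUSTED_IP and
# deny every other peer seen on stdin. The deny uses "insert 1" so it sits
# ahead of any allow rule, because ufw applies the first rule that matches.
deny_rules() {
  trusted=$1
  echo "ufw --dry-run allow proto tcp from $trusted to any port 22"
  ssh_peers | while read -r ip; do
    if [ "$ip" != "$trusted" ]; then
      echo "ufw --dry-run insert 1 deny proto tcp from $ip to any port 22"
    fi
  done
}

# Print the commands for review; remove --dry-run and run them with sudo to apply.
sample_lsof | deny_rules 198.51.100.7
```

On a live host, feed the functions real data with `sudo lsof -i TCP:22 -n | deny_rules YOUR_ADMIN_IP`.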
