Add signature for bird/ unwanted peerings

Comments (4)

1. 

   Kevin Zheng

   • changed component to parser

   Running bird with bgp peering, invalid peers try to connect:

   ‌

   May 21 22:11:18 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 51798)
   May 21 22:11:20 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 38278)
   May 21 22:11:22 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 41872)
   May 21 22:11:24 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 44464)
   May 21 22:11:26 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 46784)
   

   ‌

   This should be blocked, because the requests are unwanted

   • 2019-05-23T16:45:47+00:00
2. 

   Nico Schottelius reporter

   Is there anything I can do for including it into sshguard?

   • 2019-06-04T12:29:59+00:00
3. 

   Kevin Zheng

   You can contribute a patch to sshg-parser (source in src/parser). Most of the interesting logic is in attack_scanner.l and attacker_parser.y. I’ve been busy so I haven’t been able to put this in, but your attack signature seems relatively straightforward.

   • 2019-06-05T15:52:16+00:00
4. 

   Kevin Zheng

   • changed status to open

   • 2019-06-05T15:52:22+00:00
5. Log in to comment