- changed component to parser
Add signature for bird/ unwanted peerings
Issue #118
open
Running bird with bgp peering, invalid peers try to connect:
May 21 22:11:18 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 51798)
May 21 22:11:20 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 38278)
May 21 22:11:22 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 41872)
May 21 22:11:24 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 44464)
May 21 22:11:26 router1 bird: BGP: Unexpected connect from unknown address 107.6.171.130 (port 46784)
This should be blocked, because the requests are unwanted
Comments (4)
-
-
reporter
Is there anything I can do for including it into sshguard?
-
You can contribute a patch to sshg-parser (source in src/parser). Most of the interesting logic is in attack_scanner.l and attacker_parser.y. I’ve been busy so I haven’t been able to put this in, but your attack signature seems relatively straightforward.
-
- changed status to open
- Log in to comment
Running bird with bgp peering, invalid peers try to connect:
This should be blocked, because the requests are unwanted