Dear all,
I've recently noticed some packets coming in on port 22 (sshd) on my external interface from the 192.168.1.0/24 network. I don't have any local machines on this network and the packets are coming in on my WAN interface (via my router). How is that possible? My understanding was that this network was not routeable from the internet. I'm guessing someone is try to get at my sshd server. Below are the packets. Is there any way to get more info on where they are coming from?
Feb 20 20:02:14 tti kernel: iptables chain hostile: IN=eth1 OUT= MAC=00:0e:0c:dd:73:16:00:11:6e:00:f9:70:08:00 SRC=192.168.1.126 DST=172.16.251.61 LEN=228 TOS=0x10 PREC=0x00 TTL=47 ID=19109 DF PROTO=TCP SPT=38196 DPT=22 WINDOW=16022 RES=0x00 ACK PSH FIN URGP=0
I'm using iptables on a 2.6 Linux box.
Kevin