Attack from strange IP address, how to block?

Question

Looking through the mail logs I've noticed a lot of these:

Apr  7 11:33:25 s123456 pop3d: IMAP connect from @ [::ffff:192.96.206.9]checkmailpasswd: FAILED: web14p3 - short names not allowed from @ [::ffff:192.96.206.9]ERR: LOGIN FAILED, ip=[::ffff:192.96.206.9]
Apr  7 11:33:26 s123456 pop3d: Connection, ip=[::ffff:192.96.206.9]

I'm using IPTables to block stuff but this one has me stumped. Is this an IPv6 address, or an IPv4 address and, with that, how do I block it using IPv4 IP tables or IPv6 IP tables? Or something totally different?

score 0 · Answer 1 · answered Apr 07 '14 at 10:52

Addresses from the ::ffff:0:0/96 range are used when the traffic on the network is IPv4 but the application is using an IPv6 API to communicate with the kernel.

If you want to apply firewall rules to such traffic, the rules need to be IPv4 because that is what the traffic is on the network.

Attack from strange IP address, how to block?

1 Answers1