-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
(2010/07/09 10:35), Yaroslav Halchenko wrote:
However, as long as DNS is working properly, I found (from my server's
/var/log/auth.log) that this POSSIBLE BREAK-IN ATTEMPT comes only
from mass port scanning of weak ssh server from attackers.
Package: fail2ban
Version: 0.8.3-2sid1
Severity: normal
Hi,
fail2ban's sshd filter does not match the following attack attempt:
Jun 30 16:30:11 XXX sshd[28540]: reverse mapping checking getaddrinfo for
example.com [192.168.0.32] failed -
tags 588431 +wontfix
thanks
well -- if it indeed comes from 192.168.0.32, then you better alarm your
local network administrator since it is a private net address. Not sure
why/how your DNS resolves it to reserved example.com either.
Altogether, not sure if adding a rule catching 'reverse
Hi,
Thank you for your quick reply.
(2010/07/08 22:51), Yaroslav Halchenko wrote:
well -- if it indeed comes from 192.168.0.32, then you better alarm your
local network administrator since it is a private net address. Not sure
why/how your DNS
On Fri, 09 Jul 2010, Ryo IGARASHI wrote:
Well, I used example.com and 192.168.0.32 just to show that the entry is
an example. My local DNS is not affected :)
ah
I understand that DNS problem (or attack) might lead to Denial of
Service (DOS) for valid users on ssh.
good ;)
However, as long