Re: [Fail2ban-users] Strange IP is banned by fail2ban

[r fancher via Fail2ban-users]

Denis,
This is due to IP spoofing, you might want to add this to your firewall, I use 
iptables
iptables -N spoofingiptables -I spoofing -j LOG --log-prefix "Spoofed source 
IP"iptables -I spoofing -j DROPiptables -A INPUT -s 255.0.0.0/8 -j 
spoofingiptables -A INPUT -s 0.0.0.8/8 -j spoofing



      From: Denis Rasulev <rankl...@gmail.com>
 To: kaffeesurro...@posteo.de 
Cc: fail2ban-users@lists.sourceforge.net
 Sent: Wednesday, October 31, 2018 10:01 AM
 Subject: Re: [Fail2ban-users] Strange IP is banned by fail2ban
   
Dear kaffeesurrogat,

You are not in a danger to block all the traffic.

0.0.0.0 is a non-routable meta-address used to designate an invalid, unknown or 
non applicable target (a no particular address placeholder).

I would advise to look at /var/log/auth.log entries containing this address and 
try to understand what causes them.

Regards,
Denis Rasulev

> On 31 Oct 2018, at 10:52, kaffeesurrogat <kaffeesurro...@posteo.de> wrote:
> 
> Dear all,
> 
> i'm new to the list. Unfortunately I'am not an expert at all, but I'm trying 
> my best to understand fail2ban and the world of IP-adressing.
> 
> I've got this email-message from fail2ban:
> 
> ############################################################
> 
> Hi,
> 
> The IP 0.0.0.0 has just been banned by Fail2Ban after
> 1 attempts against sshd.
> 
> 
> Here is more information about 0.0.0.0 :
> 
> Für diese Art von Objekten ist kein Whois-Server bekannt.
> missing whois program
> 
> 
> Lines containing IP:0.0.0.0 in /var/log/auth.log
> 
> 
> Regards,
> 
> Fail2Ban
> 
> 
> ############################################################
> 
> 
> 
> This is confusing to me, because the IP address does not make any sence to me.
> 
> How can anybody have an IP Address of 0.0.0.0 ? Is this any kind of special 
> IP - Address ? Why does it show up in my sshd jail ? Is it some kind of 
> loopback-device address ? Some kind of broadcast ? Am I in danger of blocking 
> all the traffic ?
> 
> Thanks so much for clarification,
> 
> kaffeesurroagt
> 
> 
> 
> 
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users


   

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users