I'm seeing entries in my auth log like this:
Feb 22 10:19:45 myhost sshd[24551]: Connection from 118.126.65.175
port 59244 on x.x.x.x port 22
Feb 22 10:19:45 myhost sshd[24551]: Did not receive identification
string from 118.126.65.175 port 59244
There is no login attempt, so f2b is not noticing, but someone has
stumbled upon the non-standard port I'm running sshd off of. I
assume this is some sort of NMAP probe?
Is there a way to set up a rule to trigger a ban from this type of
activity? Can this be done without triggering legit connections?
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
