See https://sourceforge.net/p/fail2ban/mailman/message/35739624/
1. rule to block probes on sshd? (Mike)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 22 Feb 2019 11:33:26 -0600
> From: Mike <[email protected]>
> To: [email protected]
> Subject: [Fail2ban-users] rule to block probes on sshd?
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="us-ascii"; format=flowed
>
>
> I'm seeing entries in my auth log like this:
>
> Feb 22 10:19:45 myhost sshd[24551]: Connection from 118.126.65.175 port 59244 on x.x.x.x port 22
> Feb 22 10:19:45 myhost sshd[24551]: Did not receive identification string from 118.126.65.175 port 59244
>
>
> There is no login attempt, so f2b is not noticing, but someone has
> stumbled upon the non-standard port I'm running sshd off of. I
> assume this is some sort of NMAP probe?
>
> Is there a way to set up a rule to trigger a ban from this type of
> activity? Can this be done without triggering legit connections?
>
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
