Re: [CentOS] [OT] odd network question

2019-08-06 Thread Giles Coochey
On 06/08/2019 00:12, Jon LaBadie wrote: On Mon, Aug 05, 2019 at 09:31:56AM +0100, Giles Coochey wrote: On 05/08/2019 09:18, Pete Biggs wrote: I've found the default 10min bans hardly bother some attackers. So I've added the "recidive" feature of fail2ban. After the second 10min ban, the

Re: [CentOS] [OT] odd network question

2019-08-05 Thread Jon LaBadie
On Mon, Aug 05, 2019 at 09:31:56AM +0100, Giles Coochey wrote: > > On 05/08/2019 09:18, Pete Biggs wrote: > > > I've found the default 10min bans hardly bother some attackers. > > > So I've added the "recidive" feature of fail2ban. After the > > > second 10min ban, the attacker is blocked for 1

Re: [CentOS] [OT] odd network question

2019-08-05 Thread Jon LaBadie
On Mon, Aug 05, 2019 at 09:00:23AM +0100, Giles Coochey wrote: > > On 05/08/2019 08:50, Jon LaBadie wrote: > > > > I've found the default 10min bans hardly bother some attackers. > > So I've added the "recidive" feature of fail2ban. After the > > second 10min ban, the attacker is blocked for 1

Re: [CentOS] [OT] odd network question

2019-08-05 Thread Giles Coochey
On 05/08/2019 09:18, Pete Biggs wrote: I've found the default 10min bans hardly bother some attackers. So I've added the "recidive" feature of fail2ban. After the second 10min ban, the attacker is blocked for 1 week. Oh definitely. My systems are set to "3 bans and you're out" - a recidive

Re: [CentOS] [OT] odd network question

2019-08-05 Thread Pete Biggs
> > I've found the default 10min bans hardly bother some attackers. > So I've added the "recidive" feature of fail2ban. After the > second 10min ban, the attacker is blocked for 1 week. > Oh definitely. My systems are set to "3 bans and you're out" - a recidive ban is permanent after three

Re: [CentOS] [OT] odd network question

2019-08-05 Thread Giles Coochey
On 05/08/2019 08:50, Jon LaBadie wrote: I've found the default 10min bans hardly bother some attackers. So I've added the "recidive" feature of fail2ban. After the second 10min ban, the attacker is blocked for 1 week. Interesting, didn't know about that feature, but, oh, I just generally

Re: [CentOS] [OT] odd network question

2019-08-05 Thread Jon LaBadie
On Sat, Aug 03, 2019 at 04:50:05PM +0100, Giles Coochey wrote: > > On 02/08/2019 19:38, Jon LaBadie wrote: > > On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: > > > Fred Smith wrote: > > > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > > > > > I've been using fail2ban for some

Re: [CentOS] [OT] odd network question

2019-08-03 Thread Giles Coochey
On 02/08/2019 19:38, Jon LaBadie wrote: On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: Fred Smith wrote: On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: One thing I don't understand is how/why the firewall is DROPping so many attempts on port 25 when it in fact has a port

Re: [CentOS] [OT] odd network question

2019-08-03 Thread Simon Matter via CentOS
> On Fri, Aug 02, 2019 at 02:43:30PM -0400, Fred Smith wrote: >> On Fri, Aug 02, 2019 at 02:38:05PM -0400, Jon LaBadie wrote: >> > On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: >> > > Fred Smith wrote: >> > > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: >> > > >> > > > One

Re: [CentOS] [OT] odd network question

2019-08-03 Thread Kay Schenk
Can't help with the mystery port 48825. But I find your approach truly creative! -- Kay On 8/1/19 8:53 PM, Fred Smith wrote: I know this is OT, but I'm not sure where else to ask. I can hope for forgiveness! :) My home router sends its logs to the rsyslog on my desktop system, and from

Re: [CentOS] [OT] odd network question

2019-08-03 Thread Jon LaBadie
On Fri, Aug 02, 2019 at 02:43:30PM -0400, Fred Smith wrote: > On Fri, Aug 02, 2019 at 02:38:05PM -0400, Jon LaBadie wrote: > > On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: > > > Fred Smith wrote: > > > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > > > > > > > One thing I

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Fred Smith
On Fri, Aug 02, 2019 at 02:38:05PM -0400, Jon LaBadie wrote: > On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: > > Fred Smith wrote: > > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > > > > > One thing I don't understand is how/why the firewall is DROPping so > > > many attempts

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Jon LaBadie
On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: > Fred Smith wrote: > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > > > One thing I don't understand is how/why the firewall is DROPping so > > many attempts on port 25 when it in fact has a port forward rule sending > > port 25 on

Re: [CentOS] [OT] odd network question

2019-08-02 Thread mark
Fred Smith wrote: > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > One thing I don't understand is how/why the firewall is DROPping so > many attempts on port 25 when it in fact has a port forward rule sending > port 25 on to my mailserver. How does it know, or why does it think that >

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Giles Coochey
On 02/08/2019 15:07, Fred Smith wrote: and I didn't even mention the huge number of failed attempts on port 25. /var/log/maillog is full of systems trying to send spam, or trying to DOS me with incompleted connection attempts, or just plain spamming with mail for addresses not at this system.

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Fred Smith
On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > Fred Smith wrote: > > On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote: > > > >> > >>> This is just the first screen of it, there are many more. The data > >>> compiled here is for the last month (rsyslog is keeping the current log

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Giles Coochey
On 02/08/2019 14:12, Fred Smith wrote: but the amount of attempted traffic on that port certainly does seem like it could be a botnet banging on me. One thing that you could try is to port forward that port to an actual listening port (think like running nc/netcat in listening mode). That

Re: [CentOS] [OT] odd network question

2019-08-02 Thread mark
Fred Smith wrote: > On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote: > >> >>> This is just the first screen of it, there are many more. The data >>> compiled here is for the last month (rsyslog is keeping the current log >>> plus four older logs). I find it disturbing that there were

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Fred Smith
On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote: > > > This is just the first screen of it, there are many more. The data > > compiled here is for the last month (rsyslog is keeping the current > > log plus four older logs). I find it disturbing that there were 12251 > > attempts at

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Pete Biggs
> This is just the first screen of it, there are many more. The data > compiled here is for the last month (rsyslog is keeping the current > log plus four older logs). I find it disturbing that there were 12251 > attempts at telnet during that time, 2154 on 8080, and so forth. either > I'm some

Re: [CentOS] [OT] odd network question

2019-08-02 Thread Giles Coochey
On 02/08/2019 04:58, John Pierce wrote: On Thu, Aug 1, 2019 at 8:53 PM Fred Smith wrote: reveals that of all the source addresses trying to poke at 48825, there are 193 unique addresses. Either this indicates a heck of a lot of sites having at my firewall, or that some few sites are

Re: [CentOS] [OT] odd network question

2019-08-01 Thread John Pierce
On Thu, Aug 1, 2019 at 8:53 PM Fred Smith wrote: > reveals that of all the source addresses trying to poke at 48825, > there are 193 unique addresses. Either this indicates a heck of a lot > of sites having at my firewall, or that some few sites are all spoofing > their addresses. I can

[CentOS] [OT] odd network question

2019-08-01 Thread Fred Smith
I know this is OT, but I'm not sure where else to ask. I can hope for forgiveness! :) My home router sends its logs to the rsyslog on my desktop system, and from there I can learn all kinds of interesting (or disturbing) things. I've written a really horrid shellscript (about 20 things piped