Re: auth log full with

2022-08-14 Thread Matthias Böttcher
On Sun, 14 Aug 2022 at 16:42, Reco wrote: > whois, geoiplookup, even https://bgp.he.net . > Whatever works, basically. > Last one is my favorite as it shows all IP blocks assigned to AS. > Really helpful with spammer nests such as outlook.com (AS8075) or > DigitalOcean (AS14061). > > > Is

Re: auth log full with

2022-08-14 Thread Lee
On 8/14/22, Matthias Böttcher wrote: > On Sun, 14 Aug 2022 at 09:51, Reco wrote: > >> Personally I don't use fail2ban for sshd. Because why bother with >> userspace (written in python too, yuck) if the kernel does the same job? >> I.e. block M$ AS, China Telecom AS and maybe add Eastern

Re: auth log full with

2022-08-14 Thread Joe
On Sun, 14 Aug 2022 16:07:03 +0200 Matthias Böttcher wrote: > On Sun, 14 Aug 2022 at 09:51, Reco wrote: > > > Personally I don't use fail2ban for sshd. Because why bother with > > userspace (written in python too, yuck) if the kernel does the same > > job? I.e. block M$ AS, China

Re: auth log full with

2022-08-14 Thread Reco
Hi. On Sun, Aug 14, 2022 at 04:07:03PM +0200, Matthias Böttcher wrote: > how do I block these ip ranges? The usual way. iptables -I INPUT -s -p tcp --dport 22 \ -m conntrack --ctstate NEW -j DROP or, if the source IP is an actual IPv6 (a rare thing in my experience):

Re: auth log full with

2022-08-14 Thread Matthias Böttcher
On Sun, 14 Aug 2022 at 09:51, Reco wrote: > Personally I don't use fail2ban for sshd. Because why bother with > userspace (written in python too, yuck) if the kernel does the same job? > I.e. block M$ AS, China Telecom AS and maybe add Eastern Europe to the > mix, and you've just reduced

Re: auth log full with

2022-08-14 Thread Reco
Hi. On Sun, Aug 14, 2022 at 09:16:25AM -0400, Stefan Monnier wrote: > > In fact, I'd restrict allowed SSH algorithms like this: > > > > Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com > > MACs > >

Re: auth log full with

2022-08-14 Thread Reco
Hi. On Sun, Aug 14, 2022 at 08:57:47AM +0200, Maurizio Caloro wrote: > Thanks for your answer, yes add aggressive to mode, restart services and add > to ssh_config > > Host * > HostKeyAlgorithms +ssh-rsa,ssh-dss > PubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss Please do not do this

Re: auth log full with

2022-08-14 Thread Maurizio Caloro
On Sat, Aug 13, 2022 at 07:42:28PM +0200, Maurizio Caloro wrote: >As /etc/fail2ban/filter.d/sshd.conf shows, "no matching host key type" >messages are specifically ignored by Mode=normal. >Try setting Mode=aggressive, it should catch those. > >Of course, DROPping ssh connections from AS28594

Re: auth log full with

2022-08-13 Thread Reco
Hi. On Sat, Aug 13, 2022 at 07:42:28PM +0200, Maurizio Caloro wrote: > How can I disable this? I tried the solution with fail2ban, but this won't > help!? > > [sshd] > Enable = true > Mode = normal As /etc/fail2ban/filter.d/sshd.conf shows, "no matching host key type" messages are

auth log full with

2022-08-13 Thread Maurizio Caloro
Every 2-3 seconds this log entry appears inside the auth log, and I can't place correctly where it comes from. Aug 13 19:25:26 Cruscotto sshd[257257]: Unable to negotiate with 200.218.251.153 port 34480: no matching host key type found. Their offer: