Has anyone else noticed the use of rolling /24 IP addresses to avoid
fail2ban being triggered?
In reviewing my logs I noticed that I was getting a bunch of attempts
from 5.188.211.{14,15,16,17,...}, spread out over a long enough interval
that fail2ban did not see them as a bad actor.
Has anyone else seen the same?
And is there a way to help fail2ban recognise attempts from the same set
of Class C addresses?
Cheers,
Gary B-)
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
