Since 0.7.6,
approx when it is going to be released?
As soon as I finish cleaning the configuration files. Between this
evening and tomorrow I hope.
I thought that it might be useful to keep it as a separate jail since
someone with poor connection might experience 'legal' similar
connect
Hi Amaya,
(Now, if it was only a bit better documented.. maybe this is where I
could return some of the good karma and provide some patches or a quick
walkthrough). The wiki is very nice, though.
I know that the documentation s*** :( I try to improve it but as I'm not
a native English speake
> >Cyril - find attached a patch to ban ssh-ddos attacks. And indeed, we
> >should have some beer together -- users are complaining! ;-)
> Since 0.7.6,
approx when it is going to be released?
> several regular expressions are accepted in "failregex". So I will
> simply add the corresponding regula
Hi all,
Cyril - find attached a patch to ban ssh-ddos attacks. And indeed, we
should have some beer together -- users are complaining! ;-)
Since 0.7.6, several regular expressions are accepted in "failregex". So
I will simply add the corresponding regular expression to "sshd.conf".
Thank you
Hi there, Yaroslav and Cyril,
First of all, thanks for the terribly good job you are both doing in
fail2ban. It rocks!
Yaroslav Halchenko wrote:
> Just ICQ virtual drinks may be ;-) Or most of the time I just drink
> his part myself ;)
>
> Cyril - find attached a patch to ban ssh-ddos attacks. A
Aha - so majority of failures come from such really bad hosts -- good. I
think default value of 6 or maxfailures will be ok ;-)
11363 84.197.215.6
11246 84.122.103.178
6903 84.75.165.67
6229 84.57.82.198
6018 84.74.141.2
Thank you for the information!
> > that would be difficult - he is in Europ
Yaroslav Halchenko wrote:
> > Then I copied the attached sshd-ddos.conf to /etc/fail2ban/filter.d/
> > and restarted fail2ban.
> I would also run
> fail2ban-client status ssh-ddos
> to make sure that it is up ;-)
[EMAIL PROTECTED]> fail2ban-client status ssh-ddos
Status for the jail: ssh-ddos
|- f
> Then I copied the attached sshd-ddos.conf to /etc/fail2ban/filter.d/ and
> restarted fail2ban.
I would also run
fail2ban-client status ssh-ddos
to make sure that it is up ;-)
> I am still looking at what is happening, so that this gets tested before
> you and upstream have some beer ;)
that woul
Hi there!
Yaroslav Halchenko wrote:
> Have you tried fail2ban solution I've sent? does it work? what
> maxretry is a reasonable one?
I copied this section into my /etc/fail2ban/jail.conf:
[ssh-ddos]
enabled = true
port= ssh
filter = sshd-ddos
logpath
On Wed, 27 Dec 2006, Amaya wrote:
> > Ok - convinced now ;)
> I knew you would help me, because you rock!
> :)
Thank you ;-) I am not sure where such assurance comes from but I kinda
like it ;-)
> I can happily wait until next upload, I have been doing some nasty
> shell-scripting that deals wi
Yaroslav Halchenko wrote:
> Ok - convinced now ;)
I knew you would help me, because you rock!
:)
> Due to its specificity I would prefer to have it as an additional
> filter/jail as opposed to integrating it into existing ssh one.
I think this is even a better solution, that can be easily adapt
tag 494487 + pending
thanks
Ok - convinced now ;)
Due to its specificity I would prefer to have it as an additional
filter/jail as opposed to integrating it into existing ssh one.
So, please find attached filters.d file and relevant config for
jails.local is smth like following piece
NB feel f
Yaroslav Halchenko wrote:
> If you agree - close the bug. If not - bring your arguments ;-)
In my case it is a distributed DoS:
[EMAIL PROTECTED]>grep "Did not receive identification string from" /var/log/auth.log /var/log/auth.log.0 | grep -v UNKNOWN | cut -f 12 -d " " | sort -u | wc -l
94
[EMAI
I am afraid that this would be also a case for some valid clients which
go through some bad connection. Or in other words, this string does not
necessarily mean an attempt to get unauthorized access.
If you agree - close the bug. If not - bring your arguments ;-)
--
Package: fail2ban
Version: 0.7.5-2
Severity: wishlist
I am seeing a lot of "Did not receive identification string from " at my
/var/log/auth.log and fail2ban fails to catch them.
Thanks for your wonderful work!
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (990