[CentOS] Odd issue with fail2ban

m.roth at 5-cent.us
Mon Aug 13 16:56:03 UTC 2012


Gé Weijers wrote:
> On Mon, Aug 13, 2012 at 9:01 AM, Leonard den Ottolander
> <leonard at den.ottolander.nl> wrote:
>> Hello Mark,
>>
>> On Mon, 2012-08-13 at 11:30 -0400, m.roth at 5-cent.us wrote:
>>> Aug 10 17:44:56 <my server> sshd[12350]: Connection from
>>> 114.113.199.142 port 511 871
>>> Aug 10 17:44:57 <my server> sshd[12341]: Received disconnect from
>>> 114.113.199.144 2: 11: Bye Bye
>>
>> The above looks like someone connecting then disconnecting without even
>> attempting a login.
>
> Some attack programs are too stupid to give up even if they find that
> password and keyboard interactive authentication is turned off. One
> kept trying for weeks.

Then there are the ones who don't realize that, but are the low-flyers,
that spend weeks trying to break in, but at the same time hit slowly, so
that they won't be noticed by programs like fail2ban.

       mark
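
The slow attempts described in the message above stay under any short counting window, such as a short fail2ban `findtime`. As an added example that is not part of the original thread, the sketch below counts sshd "Connection from" lines per source over both a short and a long sliding window. The thresholds, window lengths, host name and sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches sshd lines of the form quoted in the thread:
#   "Aug 10 17:44:56 host sshd[12350]: Connection from <ip> port <n>"
CONN_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Connection from (\S+) port \d+")

def parse(lines, year=2012):
    """Yield (timestamp, source_ip); syslog lines carry no year, so it is passed in."""
    for line in lines:
        m = CONN_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def max_in_window(times, window):
    """Largest number of events that fall inside any sliding window of this length."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def classify(lines, short_win=timedelta(minutes=10), long_win=timedelta(days=7),
             short_max=5, long_max=20):
    """Label each source 'burst' (caught by the short window) or 'slow' (long window only)."""
    by_ip = defaultdict(list)
    for ts, ip in parse(lines):
        by_ip[ip].append(ts)
    result = {}
    for ip, times in by_ip.items():
        if max_in_window(times, short_win) >= short_max:
            result[ip] = "burst"
        elif max_in_window(times, long_win) >= long_max:
            result[ip] = "slow"
    return result

def sample_log():
    """Constructed log lines; addresses are from the RFC 5737 documentation ranges."""
    start = datetime(2012, 8, 1)
    fmt = "{:%b %d %H:%M:%S} host sshd[{}]: Connection from {} port 40000"
    lines = [fmt.format(start + timedelta(hours=6 * i), 1000 + i, "192.0.2.10") for i in range(24)]
    lines += [fmt.format(start + timedelta(seconds=20 * i), 2000 + i, "198.51.100.7") for i in range(6)]
    lines += [fmt.format(start + timedelta(days=i), 3000 + i, "192.0.2.99") for i in range(3)]
    return lines

if __name__ == "__main__":
    print(classify(sample_log()))
```

The source that connects once every six hours never has more than one event in any ten-minute window, so only the seven-day count flags it.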



