Bug#358810: fail2ban: add auto-abuse system based on ssh-probes

Wed, 06 Sep 2006 15:05:24 -0700 

Dear All,

Sorry for the incarnation of the discussion but I've decided to share it
with upstream since he is looking to do something "funny" ;-)

Cyril, if you decide to reply, please preserve
[EMAIL PROTECTED]
in CC

Thanks everyone

On Wed, 21 Jun 2006, Yaroslav Halchenko wrote:

> I'm wondering may be it would be better to reassign this bug over to
> fwlogwatch which was crafted for the purpose of generating such reports?
> So probably it just needs few rules to parse fail2ban log files... or
> actually can be just used in fwban action

> :-) what do you think?


> > apt-cache show fwlogwatch
> Package: fwlogwatch
> Depends: postfix | mail-transport-agent, debconf (>= 1.2.0) | debconf-2.0, 
> sysklogd | system-log-daemon, libc6 (>= 2.3.6-6), zlib1g (>= 1:1.2.1)
> Description: Firewall log analyzer
>  fwlogwatch produces ipchains, netfilter/iptables, ipfilter, Cisco IOS and
>  Cisco PIX log summary reports in text and HTML form and has a lot of
>  options to find and display relevant patterns in connection attempts. With
>  the data found it can also generate customizable incident reports from a
>  template and send them to abuse contacts at offending sites or CERT
>  coordination centers. Finally, it can also run as daemon and report
>  anomalies or start countermeasures.
> Tag: devel::library, interface::daemon, role::sw:server, 
> security::log-analyzer, use::scanning, works-with::logfile

> > also sprach Roel van der Made <[EMAIL PROTECTED]> [2006.06.21.1346 +0200]:
> > > Indeed, the preparation option would be nice, I now see hosts
> > > beeing blocked several times a day and nothing it beeing done with
> > > it anymore, which is a shame I think.
> > Do note that many of these attacks are auto-mounted. There is very
> > little an ISP can do when they receive a complaint about a host that
> > has been trojaned, unless their terms of contract require users to
> > maintain secure systems, which is impossible to prove or verify.
-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]

Attachment: pgpQ31k7Tcsib.pgp
Description: PGP signature

Reply via email to