Hmmm.... On second thought, perhaps that suggestion wasn't helpful
either. Apologies for the unhelpful posts. However I do think that
"psad" ("Port Scan Attack Detection") would get you the result you're
looking for:
https://www.digitalocean.com/community/tutorials/how-to-use-psad-to-detect-network-intrusion-attempts-on-an-ubuntu-vps
...right?
On Mon, Feb 20, 2017, at 02:05 PM, [email protected] wrote:
> Hmmm... Misunderstood your question.
> Not sure if this would work for you- will mention it just in case...
> ...I handle this one by allowing Public Key authentication only:
>
> # Upload a public key and disable other authentication methods
> # in /etc/ssh/sshd_config:
> ChallengeResponseAuthentication no
> KbdInteractiveAuthentication no
> PasswordAuthentication no
>
> On Mon, Feb 20, 2017, at 01:20 PM, J. Fahrner wrote:
> > Am 20.02.2017 um 18:56 schrieb [email protected]:
> > > Apache "Mod Evasive" can be configured to block based on rate
> > > (those scans are coming in at a rate of more than ten per second,
> > > apparently).
> >
> > Hi pjc904,
> > portscans have nothing to do with Apache. A portscan is, when someone
> > tries to find open ports on your system, and then tries to break in
> > using vulnerities of the service behind that port. Most likely they are
> > searching for ssh, telnet or ftp services to break in. To detect such
> > scans I closed all ports at the firewall (except those that I need) and
> > log attempts to connect. After 3 failures I ban the scanning host for 1
> > hour. My ssh daemon runs on a non-standard port, so it's likely that I
> > detect attempts to break in through ssh.
> >
> >
> > ------------------------------------------------------------------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Fail2ban-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
