Merry Christmas David, +1 to Michael's answer.
Here is the same topic for pfSense...

Topic: Somebody hacking my IPsec VPN?
https://forum.pfsense.org/index.php?topic=39044.0

Topic: Banning or throttling users making invalid connection attempts?
https://forum.pfsense.org/index.php?topic=72640.0
(Unfortunately without any replies)

So you are not alone, we could consider adding a "racoon" filter type to Adaptive ban. The first concern is to make sure it is useful in practice and not subject to false-banning for normal use.

Possibly a look at the latest Fail2Ban to see if "racoon" has been added. And if not wonder why.

Clearly if you use a certificate for your IPsec server then you should be good, but I understand the added logs are annoying.

Lonnie

On Dec 24, 2015, at 11:24 PM, David Kerr <da...@kerr.net> wrote:

> Firstly happy Christmas to all.
>
> Now my question, should adaptive ban pick up on the following? I'm getting attacked again but neither of these IPs are getting added to the ban list. As far as I can tell the adaptive ban plugin is active...
>
> ENABLED=1
> ADAPTIVE_BAN_FILE="/var/log/messages"
> ADAPTIVE_BAN_TIME=90
> ADAPTIVE_BAN_COUNT=3
> ADAPTIVE_BAN_TYPES="sshd asterisk lighttpd"
>
> Dec 23 20:40:09 pbx daemon.info racoon: ERROR: Invalid exchange type 37 from 129.192.165.10[4500].
> Dec 23 20:40:14 pbx daemon.info
> ...
> Dec 24 20:57:35 pbx daemon.info racoon: ERROR: Invalid exchange type 243 from 101.165.98.245[500].
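Added example, not part of the messages above and not AstLinux's adaptive-ban code: a sketch of what a "racoon" filter could match, with a trusted-peer exclusion aimed at the false-banning concern raised in the reply. The function name, the `trusted` parameter and the sample lines (documentation addresses) are constructed; the syslog prefix is assumed from the quoted log lines, and the threshold mirrors `ADAPTIVE_BAN_COUNT=3`.

```python
import ipaddress
import re
from collections import Counter

# Anchored at both ends: only a line logged by racoon itself, in the format
# quoted in the thread, can match (assumed prefix: "<date> <host> daemon.<level>").
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ daemon\.\w+ "
    r"racoon: ERROR: Invalid exchange type \d+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3})\[\d+\]\.$"
)

# Constructed sample log using RFC 5737 documentation addresses.
SAMPLE_LOG = [
    "Dec 23 20:40:09 pbx daemon.info racoon: ERROR: Invalid exchange type 37 from 192.0.2.10[4500].",
    "Dec 23 20:40:14 pbx daemon.info racoon: ERROR: Invalid exchange type 37 from 192.0.2.10[4500].",
    "Dec 23 20:40:19 pbx daemon.info racoon: ERROR: Invalid exchange type 37 from 192.0.2.10[4500].",
    "Dec 23 20:41:02 pbx daemon.info racoon: ERROR: Invalid exchange type 243 from 198.51.100.7[500].",
    "Dec 23 20:41:30 pbx auth.info sshd[2211]: Failed password for root from 203.0.113.5 port 4022 ssh2",
    "Dec 23 20:42:00 pbx daemon.info racoon: ERROR: Invalid exchange type 12 from 203.0.113.99[500].",
    "Dec 23 20:42:05 pbx daemon.info racoon: ERROR: Invalid exchange type 12 from 203.0.113.99[500].",
    "Dec 23 20:42:10 pbx daemon.info racoon: ERROR: Invalid exchange type 12 from 203.0.113.99[500].",
]

def racoon_ban_candidates(lines, ban_count=3, trusted=()):
    """Return {ip: hits} for hosts with at least ban_count matching lines.

    trusted is a list of CIDR strings (known VPN peers) that are never
    counted, so a misbehaving legitimate peer is not banned.
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other daemons, or racoon messages of another kind
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # e.g. an octet above 255: not a usable address
        if any(addr in net for net in nets):
            continue
        hits[str(addr)] += 1
    return {ip: n for ip, n in hits.items() if n >= ban_count}

if __name__ == "__main__":
    print(racoon_ban_candidates(SAMPLE_LOG, trusted=["203.0.113.0/24"]))
```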