Thanks Lonnie. Google found this... http://serverfault.com/questions/579648/custom-filter-for-fail2ban so someone else ran into the same issue and basically added a filter to /etc/fail2ban. Do we have an equivalent?
I'm going to be away for next week plus... so won't be able to do anything for a while. In the meantime they have no respect for the holidays and have started trying from a different IP...

Dec 25 05:44:47 pbx daemon.info racoon: ERROR: Invalid exchange type 243 from 93.81.145.36[500].
Dec 25 05:45:01 pbx daemon.info racoon: ERROR: Invalid exchange type 243 from 93.81.145.36[500].
Dec 25 05:45:16 pbx daemon.info racoon: ERROR: Invalid exchange type 243 from 93.81.145.36[500].
Dec 25 05:45:25 pbx daemon.info racoon: ERROR: Invalid exchange type 243 from 93.81.145.36[500].

Thanks
David

On Fri, Dec 25, 2015 at 9:37 AM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:
> Merry Christmas David,
>
> +1 to Michael's answer.
>
> Here is the same topic for pfSense...
>
> Topic: Somebody hacking my IPsec VPN?
> https://forum.pfsense.org/index.php?topic=39044.0
>
> Topic: Banning or throttling users making invalid connection attempts?
> https://forum.pfsense.org/index.php?topic=72640.0
> (Unfortunately without any replies)
>
> So you are not alone, we could consider adding a "racoon" filter type to Adaptive ban. The first concern is to make sure it is useful in practice and not subject to false-banning for normal use.
>
> Possibly a look at the latest Fail2Ban to see if "racoon" has been added. And if not wonder why.
>
> Clearly if you use a certificate for your IPsec server then you should be good, but I understand the added logs are annoying.
>
> Lonnie
>
>
> On Dec 24, 2015, at 11:24 PM, David Kerr <da...@kerr.net> wrote:
>
> > Firstly Happy Christmas to all.
> >
> > Now my question, should adaptive ban pick up on the following? I'm getting attacked again but neither of these IPs are getting added to the ban list. As far as I can tell the adaptive ban plugin is active...
> >
> > ENABLED=1
> > ADAPTIVE_BAN_FILE="/var/log/messages"
> > ADAPTIVE_BAN_TIME=90
> > ADAPTIVE_BAN_COUNT=3
> > ADAPTIVE_BAN_TYPES="sshd asterisk lighttpd"
> >
> > Dec 23 20:40:09 pbx daemon.info racoon: ERROR: Invalid exchange type 37 from 129.192.165.10[4500].
> > Dec 23 20:40:14 pbx daemon.info ...
> >
> > Dec 24 20:57:35 pbx daemon.info racoon: ERROR: Invalid exchange type 243 from 101.165.98.245[500].
> >
> > ------------------------------------------------------------------------------
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
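
A sketch of the matching logic a "racoon" filter type would need, run over the log lines quoted in this thread. This is an added example, not AstLinux's Adaptive ban code or a Fail2Ban filter; the function name, the `allow` parameter and the use of 3 (the ADAPTIVE_BAN_COUNT value above) as a plain per-source hit threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Anchored on the syslog prefix seen in the thread, so text that merely
# contains "racoon: ERROR: ..." inside another daemon's message cannot match.
RACOON_RE = re.compile(
    r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ \S+ racoon: ERROR: "
    r"Invalid exchange type \d+ from (?P<ip>[0-9A-Fa-f:.]+)\[\d+\]\.$"
)


def ban_candidates(lines, ban_count=3, allow=()):
    """Return {source_ip: hits} for sources with at least ban_count hits.

    allow is a hypothetical list of networks (known IPsec peers) that are
    never reported, to limit false bans of legitimate endpoints.
    """
    allowed = [ipaddress.ip_network(net) for net in allow]
    hits = Counter()
    for line in lines:
        m = RACOON_RE.match(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # looked like an address but is not a valid one
        if any(addr in net for net in allowed):
            continue
        hits[str(addr)] += 1
    return {ip: n for ip, n in hits.items() if n >= ban_count}


PREFIX = "pbx daemon.info racoon: ERROR: Invalid exchange type"
# The first six entries are the lines quoted in the thread.
SAMPLE = [
    f"Dec 23 20:40:09 {PREFIX} 37 from 129.192.165.10[4500].",
    f"Dec 24 20:57:35 {PREFIX} 243 from 101.165.98.245[500].",
    f"Dec 25 05:44:47 {PREFIX} 243 from 93.81.145.36[500].",
    f"Dec 25 05:45:01 {PREFIX} 243 from 93.81.145.36[500].",
    f"Dec 25 05:45:16 {PREFIX} 243 from 93.81.145.36[500].",
    f"Dec 25 05:45:25 {PREFIX} 243 from 93.81.145.36[500].",
    # Constructed: a known peer, and an sshd line embedding racoon text.
    *[f"Dec 25 06:00:0{i} {PREFIX} 5 from 198.51.100.7[500]." for i in range(3)],
    *["Dec 25 06:01:00 pbx auth.info sshd[811]: Invalid user racoon: ERROR: "
      "Invalid exchange type 1 from 203.0.113.9[500]. from 192.0.2.50"] * 3,
]

if __name__ == "__main__":
    print(ban_candidates(SAMPLE, allow=["198.51.100.0/24"]))
```
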