On 22-02-16 17:57, Atnakus Arzah wrote:
> While looking through the fail2ban log files I noticed log lines 
> such as below:
> 
> 2016-02-21 18:25:07,598 fail2ban.filter         [12834]: WARNING Determined IP using DNS Lookup: node1.i-surveillance.pro = ['212.83.170.26']
> 
> From the fail2ban manual, this is due to the default setting 
> "usedns=warn". I was wondering if there is any case where 
> "usedns=no" might be problematic given that I want to ban traffic 
> from specific IP addresses that scan for repeated ssh logins.
> 
> From the manual:
> 
> # "usedns" specifies if jails should trust hostnames in logs,
> # warn when DNS lookups are performed, or ignore all hostnames in logs
> #
> # yes:   if a hostname is encountered, a DNS lookup will be performed.
> # warn:  if a hostname is encountered, a DNS lookup will be performed,
> #        but it will be logged as a warning.
> # no:    if a hostname is encountered, will not be used for banning,
> #        but it will be logged as info.
> usedns = no
> 
> 

If the logfiles you process only use IP addresses, then it makes no
difference. When you also match hostnames in your logfiles, you're
potentially open to a DoS attack. sshd logs specific IP addresses for
each (failed) connect, so usedns=no should have no negative impact on
that use case. To be sure, post a full log sample of a failed sshd
login attempt.

Regards,
        Tom
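
A simplified model of the three usedns modes quoted above, added here as an illustration; it is not part of the original message and not fail2ban's own code, and the log lines, the `from <host>` pattern and the function names are constructed assumptions. It shows that lines carrying literal IP addresses are handled identically in every mode, and that only hostname tokens lead to a DNS lookup (marked here, never performed).

```python
import ipaddress
import re

# Constructed sample lines (not taken from the thread). The second one carries
# a hostname in the host field to show the case the usedns setting is about.
SAMPLE_LOG = [
    "Feb 21 18:25:01 srv sshd[1001]: Failed password for root from 192.0.2.10 port 4242 ssh2",
    "Feb 21 18:25:07 srv exampled[1002]: login failed from scanner.example.test",
    "Feb 21 18:25:09 srv sshd[1003]: Failed password for invalid user admin from 2001:db8::5 port 4243 ssh2",
]

# Hypothetical, simplified failure pattern: capture the token after "from".
HOST_RE = re.compile(r"\bfrom (?P<host>\S+)")


def is_ip_literal(token):
    """True if the token is a literal IPv4/IPv6 address (no DNS needed)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def handle_host(token, usedns):
    """Return (action, log_level) for one host token; no resolver is called."""
    if usedns not in ("yes", "warn", "no"):
        raise ValueError("usedns must be yes, warn or no")
    if is_ip_literal(token):
        return ("use-ip", None)          # same outcome in every mode
    if usedns == "no":
        return ("skip", "INFO")          # hostname not used for banning
    return ("resolve", "WARNING" if usedns == "warn" else None)


def audit(lines, usedns):
    """Return [(host, action, log_level)] for each line that matches."""
    out = []
    for line in lines:
        m = HOST_RE.search(line)
        if m:
            out.append((m.group("host"),) + handle_host(m.group("host"), usedns))
    return out


if __name__ == "__main__":
    for mode in ("yes", "warn", "no"):
        print(mode, audit(SAMPLE_LOG, mode))
```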