On Thu, 26 Aug 2021, Myron wrote:

Date: Thu, 26 Aug 2021 19:24:01
From: Myron <my...@co-hop.uk>
To: fail2ban-users@lists.sourceforge.net
Subject: [Fail2ban-users] I'm stuck on how to create a particular SoftEther
    event

I hope someone can help me with this, as I'm struggling with it.  I wish to 
implement an immediate ban on this type of event:

2021-08-26 00:52:21.681 The connection with the client (IP address 157.245.59.23, Port number 59420) has been disconnected.
2021-08-26 01:28:34.121 On the TCP Listener (Port 443), a Client (IP address 128.14.209.162, Host name "zl-dal-us-gp3-wk107.internet-census.org", Port number 38470) has connected.
2021-08-26 01:28:34.121 For the client (IP address: 128.14.209.162, host name: "zl-dal-us-gp3-wk107.internet-census.org", port number: 38470), connection "CID-584" has been created.
2021-08-26 01:28:34.959 SSL communication for connection "CID-584" has been started. The encryption algorithm name is "RC4-MD5".
2021-08-26 01:28:41.847 Connection "CID-584" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2021-08-26 01:28:41.857 Connection "CID-584" has been terminated.

I am not sure how to construct a fail2ban filter to, in this example, ban 
128.14.209.162 when the string "(code 5)" is
recorded by SoftEther.

[I'm also still trying to wrap my head round RegEx. I'm finding it not easy to 
put together.]




Hello Myron,

If the connections always come from this organisation
("internet-census.org"), you might be wasting your time in attempting to
block them.  According to their Web page at
https://www.internet-census.org/home.html, they are assessing security on
the Internet.  (We would want verification of their motives, though.)

The same page also tells us how to opt out of the scanning process.

I hope this helps,
--
Graham
Normal spelling will be rezhumed assune asp ossibul.



