2013-10-30 13:02:59 +00:00
|
|
|
# Fail2Ban ssh filter for at attempted exploit
|
2007-01-04 12:21:44 +00:00
|
|
|
#
|
2013-04-17 18:38:03 +00:00
|
|
|
# The regex here also relates to a exploit:
|
|
|
|
#
|
|
|
|
# http://www.securityfocus.com/bid/17958/exploit
|
|
|
|
# The example code here shows the pushing of the exploit straight after
|
|
|
|
# reading the server version. This is where the client version string normally
|
|
|
|
# pushed. As such the server will read this unparsible information as
|
|
|
|
# "Did not receive identification string".
|
2012-12-07 20:17:08 +00:00
|
|
|
|
|
|
|
[INCLUDES]
|
|
|
|
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
|
|
# common.local
|
|
|
|
before = common.conf
|
2007-01-04 12:21:44 +00:00
|
|
|
|
|
|
|
[Definition]
|
|
|
|
|
2012-12-07 20:17:08 +00:00
|
|
|
_daemon = sshd
|
|
|
|
|
|
|
|
failregex = ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
|
2007-01-04 12:21:44 +00:00
|
|
|
|
|
|
|
ignoreregex =
|
2013-10-30 13:02:59 +00:00
|
|
|
|
|
|
|
# Author: Yaroslav Halchenko
|