diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 60efead7..418badbf 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -64,6 +64,7 @@ mdre-normal =
 mdrp-normal-suff-onclosed = (?:%(__suff)s|\s*)$
 mdre-ddos = ^Did not receive identification string from
+ ^Bad protocol version identification '.*' from
 ^Connection reset by
 ^Connection closed by%(__authng_user)s %(__on_port_opt)s\s+\[preauth\]\s*$
 ^SSH: Server;Ltype: (?:Authname|Version|Kex);Remote: -\d+;[A-Z]\w+:
diff --git a/fail2ban/tests/files/logs/sshd b/fail2ban/tests/files/logs/sshd
index e2b3d456..68e65901 100644
--- a/fail2ban/tests/files/logs/sshd
+++ b/fail2ban/tests/files/logs/sshd
@@ -260,6 +260,8 @@ Mar 7 18:53:38 bar sshd[1559]: Connection closed by 192.0.2.116
 Jun 7 01:10:56 host sshd[5937]: Did not receive identification string from 69.61.56.114
 # failJSON: { "time": "2005-06-07T01:11:57", "match": true , "host": "192.0.2.5", "desc": "refactored message (with port now, gh-2062)" }
 Jun 7 01:11:57 host sshd[8782]: Did not receive identification string from 192.0.2.5 port 35836
+# failJSON: { "time": "2005-06-07T01:11:58", "match": true , "host": "69.61.56.115" }
+Jun 7 01:11:58 host sshd[8783]: Bad protocol version identification 'dummy string' from 69.61.56.115 port 31778
 # gh-864(1):
 # failJSON: { "match": false }
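Review bot: The added `mdre-ddos` alternative puts `'.*'` over text the remote client chooses, and nothing after `from` anchors the match to the end of the line, so which address is captured depends on greedy backtracking alone. If the genuine trailing `from … port N` ever fails to match the host pattern, the regex can fall back to an earlier `' from …` sequence inside the quoted string, and the ban would land on an address the client picked. Consider ending the alternative with `%(__on_port_opt)s\s*$`, built from the suffix already used two lines below, so only the final host on the line can match; confirm this against the sshd message variants you need to cover. The host placeholder after `from` is not visible in this rendering of the hunk, and the `mdre-ddos` list may continue below the hunk.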
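Review bot: The new fixture only exercises a harmless identification string (`'dummy string'`), so nothing pins which address is extracted when the quoted, client-supplied part itself contains a quote followed by `from` and an address. A second case would make that explicit, e.g. (constructed sample) `Jun 7 01:11:59 host sshd[8784]: Bad protocol version identification 'x' from 192.0.2.7' from 192.0.2.6 port 31779` with `"host": "192.0.2.6"` in its failJSON line. The added lines could also use a 192.0.2.x documentation address, like the entry just above them, rather than 69.61.56.115.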