# Fail2Ban ssh filter for at attempted exploit # # The regex here also relates to a exploit: # # http://www.securityfocus.com/bid/17958/exploit # The example code here shows the pushing of the exploit straight after # reading the server version. This is where the client version string normally # pushed. As such the server will read this unparsible information as # "Did not receive identification string". [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] _daemon = sshd failregex = ^%(__prefix_line)sDid not receive identification string from \s*$ ignoreregex = # Author: Yaroslav Halchenko