Security Incidents: Re: Weird SSH attack last night and this morning (still ongoing)

From: Blaine Fleming <groups_at_digital-z.com>
Date: Wed, 07 May 2008 11:36:18 -0600

Gary Baribault wrote:
> I don't know what is going on last night and this morning ... I have
> three Linux servers facing the Internet, two on cable modems and
> another on a static IP/commercial connection and this last one is a
> gateway to a Web/FTP/SMTP/Pop3/NTP Linux based system.
> <snip>
> Is anyone else seeing this? Or am I being targeted? This is still
> going on now .. and it started around 10:00 last night GMT+4

I've had one system bouncing off of SSH on one of my servers for about a
week now. I have fail2ban configured to drop them for six hours after
five failed connects. The server in question is configured for key
authentication only but they keep trying to submit a password anyway.
The second the ban drops I see them connecting again. Other than that,
I haven't seen anything bouncing off my servers repeatedly. Everything
gets banned once and never comes back.

--Blaine
Received on May 07 2008
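
An added example, not part of the original post: one way to confirm from fail2ban's own log the pattern described above, a host that reconnects as soon as its ban expires. The log lines are constructed, the format is assumed to be the `Ban`/`Unban` lines fail2ban writes to its log, and `find_returners` and the 10-minute window are hypothetical choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in fail2ban.log style (documentation addresses, six-hour bans).
SAMPLE_LOG = """\
2008-05-01 02:00:10,101 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2008-05-01 03:15:00,412 fail2ban.actions: WARNING [ssh] Ban 198.51.100.7
2008-05-01 08:00:10,733 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2008-05-01 08:01:02,020 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2008-05-01 09:15:00,650 fail2ban.actions: WARNING [ssh] Unban 198.51.100.7
2008-05-01 14:01:02,311 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2008-05-01 14:02:30,008 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
"""

# Timestamp, then anything up to the "[jail] Ban|Unban <ip>" tail of the line.
EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ .*?"
    r"\[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)\s*$"
)


def find_returners(log_text, window=timedelta(minutes=10)):
    """Count, per (jail, ip), bans issued within `window` of that host's last unban."""
    last_unban = {}
    returns = defaultdict(int)
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # not a ban/unban event
        key = (m["jail"], m["ip"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["action"] == "Unban":
            last_unban[key] = ts
        elif key in last_unban and ts - last_unban.pop(key) <= window:
            # Re-banned almost immediately after release: a persistent source.
            returns[key] += 1
    return dict(returns)


if __name__ == "__main__":
    for (jail, ip), n in sorted(find_returners(SAMPLE_LOG).items()):
        print(f"{ip} re-banned {n}x in jail '{jail}' right after unban")
```

Hosts it reports are candidates for a much longer ban time than the one-off scanners that never come back.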
