aboutsummaryrefslogtreecommitdiffstats
path: root/main/fail2ban/alpine-sshd-ddos.filterd
blob: ae405694738410c8b574156c7fece93f5bda99d2 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# Fail2Ban ssh filter for at attempted exploit
#
# The regex here also relates to a exploit:
#
#  http://www.securityfocus.com/bid/17958/exploit
#  The example code here shows the pushing of the exploit straight after
#  reading the server version. This is where the client version string normally
#  pushed. As such the server will read this unparsible information as
#  "Did not receive identification string".

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = sshd

failregex = Did not receive identification string from <HOST>\s*$

ignoreregex = 

[Init]