Re: Find out host of IP

To: debian-user@lists.debian.org
Subject: Re: Find out host of IP
From: Ralph Katz <ralph.katz@rcn.com>
Date: Mon, 11 Jun 2007 09:41:54 -0400
Message-id: <[🔎] 466D5122.8010301@rcn.com>
Reply-to: debian-user <debian-user@lists.debian.org>
In-reply-to: <[🔎] 200706111553.38001.d_baron@012.net.il>
References: <20070610204242.3D5152EEBF@murphy.debian.org> <[🔎] 200706111553.38001.d_baron@012.net.il>

On 06/11/2007 08:53 AM, David Baron wrote:
> On Sunday 10 June 2007, debian-user-digest-request@lists.debian.org wrote:
>>> Someone is trying to ssh on to my system. Trying on several ports. Not
>>> the first time, either. Thankfully, he does not have a password. Besides
>>> a bunch of Deprecated option ReverseMappingCheck, so far no harm done.
>>>
>>> Since my logs have this IP number, how do I find out who it is?
>> Other replies address the question, but you could install fail2ban to
>> throttle the attacks from anywhere.  fail2ban is a wonderful solution!
> 
> Looks good. I have installed, added a "jail" and path /var/log/auth.log
> I am unable to place a regex for it to detect the failure. Want something like
> "\Failed.+from.+\d" or such. No matter what I enter, it says "no regular 
> expression is defined. No delimitor, quote, slash, etc. seems to work either.
> How does one enter these?

David, I don't know how you made it so complicated. :)

I use the default config in the debian fail2ban package, so it "just
works."  Suggest you purge/re-install fail2ban, then if you want further
tweaks, read   ~$ man fail2ban  and/or  /etc/fail2ban.conf .

Have fun!

Ralph


-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: Find out host of IP
  - From: David Baron <d_baron@012.net.il>

Prev by Date: Re: Find out host of IP
Next by Date: Re: Find out host of IP
Previous by thread: Re: Find out host of IP
Next by thread: Re: Find out host of IP
Index(es):
- Date
- Thread