[email protected]
[Top] [All Lists]

Bug#358810: marked as forwarded (fail2ban: add auto-abuse system based o

Subject: Bug#358810: marked as forwarded fail2ban: add auto-abuse system based on ssh-probes
From: Debian Bug Tracking System
Date: Wed, 06 Sep 2006 15:05:45 -0700
Your message dated Wed, 6 Sep 2006 17:35:33 -0400
with message-id <[email protected]>
has caused the Debian Bug report #358810,
regarding fail2ban: add auto-abuse system based on ssh-probes
to be marked as having been forwarded to the upstream software
author(s) Cyril Jaquier <[email protected]>.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Subject: Re: Bug#358810: fail2ban: add auto-abuse system based on ssh-probes
From: Yaroslav Halchenko
Date: Wed, 6 Sep 2006 17:35:33 -0400
Dear All,

Sorry for the incarnation of the discussion but I've decided to share it
with upstream since he is looking to do something "funny" ;-)

Cyril, if you decide to reply, please preserve
[email protected]
in CC

Thanks everyone

On Wed, 21 Jun 2006, Yaroslav Halchenko wrote:

> I'm wondering may be it would be better to reassign this bug over to
> fwlogwatch which was crafted for the purpose of generating such reports?
> So probably it just needs few rules to parse fail2ban log files... or
> actually can be just used in fwban action

> :-) what do you think?

> > apt-cache show fwlogwatch
> Package: fwlogwatch
> Depends: postfix | mail-transport-agent, debconf (>= 1.2.0) | debconf-2.0, 
> sysklogd | system-log-daemon, libc6 (>= 2.3.6-6), zlib1g (>= 1:1.2.1)
> Description: Firewall log analyzer
>  fwlogwatch produces ipchains, netfilter/iptables, ipfilter, Cisco IOS and
>  Cisco PIX log summary reports in text and HTML form and has a lot of
>  options to find and display relevant patterns in connection attempts. With
>  the data found it can also generate customizable incident reports from a
>  template and send them to abuse contacts at offending sites or CERT
>  coordination centers. Finally, it can also run as daemon and report
>  anomalies or start countermeasures.
> Tag: devel::library, interface::daemon, role::sw:server, 
> security::log-analyzer, use::scanning, works-with::logfile

> > also sprach Roel van der Made <[email protected]> [2006.06.21.1346 +0200]:
> > > Indeed, the preparation option would be nice, I now see hosts
> > > beeing blocked several times a day and nothing it beeing done with
> > > it anymore, which is a shame I think.
> > Do note that many of these attacks are auto-mounted. There is very
> > little an ISP can do when they receive a complaint about a host that
> > has been trojaned, unless their terms of contract require users to
> > maintain secure systems, which is impossible to prove or verify.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     ([email protected]|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]

--- End Message ---
<Prev in Thread] Current Thread [Next in Thread>
  • Bug#358810: marked as forwarded (fail2ban: add auto-abuse system based on ssh-probes), Debian Bug Tracking System <=