Re: [Sshguard-users] Problem with blocking "strings" not being IPs

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Peter,

On 11/14/2014 13:51, Peter Viskup wrote:
> anybody seeing/saw similar messages? Once this occur the SSH isn't
> accessible at least our Zabbix monitoring reporting that.
> 
> Jun  4 21:31:43 server sshguard[8003]: Releasing <B0><EB><C0>^A after 1372366479 seconds.
> Jun  4 21:31:43 server sshguard[8003]: Setting environment: SSHG_ADDR=4;SSHG_ADDRKIND=4;SSHG_SERVICE=100.
> Jun  4 21:31:43 server sshguard[8003]: Run command "case $SSHG_ADDRKIND in 4) exec /sbin/iptables -D sshguard -s $SSHG_ADDR -j DROP ;;
>  6) exec /sbin/ip6tables -D sshguard -s $SSHG_ADDR -j DROP ;; *) exit -2 ;; esac": exited 1.
> Jun  4 21:31:43 server sshguard[8003]: Release command failed. Exited: -1

This sounds like SSHGuard picking up some invalid IP addresses and
passing them on. Are you using Log Sucker or syslog?

Additionally, something could have been happening with the blacklist
database. What whitelist/blacklist settings are you using?

Thanks,
Kevin Zheng

-- 
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090

Re: [Sshguard-users] Problem with blocking "strings" not being IPs

Intelligently block brute-force attacks by aggregating system logs

Re: [Sshguard-users] Problem with blocking "strings" not being IPs