Re: [SSHGuard-users] Portscanners

[Gary <li...@la...>]

<html><head><meta http-equiv="Content-Security-Policy" content="script-src 'self'; img-src * cid: data:;"><style id="outgoing-font-settings">#response_container_BBPPID{font-family: initial; font-size:initial; color: initial;}</style></head><body style="background-color: rgb(255, 255, 255); background-image: initial; line-height: initial;"><div id="response_container_BBPPID" style="outline:none;" dir="auto" contenteditable="false"> <div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;"> The "anvil" feature of Postfix works well in throttling pesky servers.&nbsp;</div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;"><br></div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width:100%;">I don't use the email features of SSHGuard at all. Less is more. All I want are those useless ssh attempts throttled.&nbsp;</div>                                                                                                                                      <div name="BB10" id="response_div_spacer_BBPPID" dir="auto" style="width:100%;"> <br style="display:initial"></div>                            <div id="blackberry_signature_BBPPID" name="BB10" dir="auto">     <div id="_signaturePlaceholder_BBPPID" name="BB10" dir="auto"></div> </div></div><div id="_original_msg_header_BBPPID" dir="auto">                                                                                                                                             <table width="100%" style="background-color: white; border-spacing: 0px; display: table; outline: none;" contenteditable="false"><tbody><tr><td colspan="2" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">                           <div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(181, 196, 223); padding: 3pt 0in 0in; font-family: Tahoma, &quot;BB Alpha Sans&quot;, &quot;Slate Pro&quot;; font-size: 10pt;">  <div id="from"><b>From:</b> ssh...@cl...</div><div id="sent"><b>Sent:</b> October 14, 2018 9:27 AM</div><div id="to"><b>To:</b> ssh...@li...; jse...@Li...</div><div id="subject"><b>Subject:</b> Re: [SSHGuard-users] Portscanners</div></div></td></tr></tbody></table> <br> </div><!--start of _originalContent --><div name="BB10" dir="auto" style="background-image: initial; line-height: initial; outline: none;" contenteditable="false"><div><div class="moz-cite-prefix">On 14-10-2018 15:43, Jim Seymour wrote:<br>
    </div><blockquote type="cite">Can sshguard
      do that? That would be pretty sophisticated rule
      <pre class="moz-quote-pre">interpretation.</pre>
    </blockquote><p>If the same IP address tries to connect 60 times in a minute
      there is definitely more going on than just a trial on error.<br>
    </p><p>CONNECT and DISCONNECT is a logic response to such 'initiatives'.
      In this case it is all about the number of tries per minute rather
      than the log display this causes.</p><p>&gt; Personally, I wouldn't worry about it.</p><p><br>
    </p><p>-- With both feed on the ground you will never make a step
      forward
    </p></div>
<!--end of _originalContent --></div></body></html>