Some extra noise in sshd attempts / 2017-12-26

This morning I noticed an amount of sshd noise in the log that is new to me:
Dec 26 01:55:43 server sshd[31415]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 01:56:24 server sshd[31466]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 01:56:53 server sshd[31475]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 01:57:33 server sshd[31499]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 01:58:17 server sshd[31691]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 01:58:51 server sshd[31749]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 01:59:32 server sshd[31773]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 12:07:58 server sshd[16434]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 12:08:55 server sshd[16687]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 12:09:52 server sshd[16743]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Going on and on and on and..

So I looked it up and found "How to block Bad protocol version? · Issue #1284 · fail2ban/fail2ban · GitHub", which has a simple rule to block this with fail2ban. As soon as the sshd.local was loaded, a block was set for 185.110.132.140.
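To see what is behind these lines before blocking the source, the following added example (not code from this post or from the fail2ban issue) counts "Bad protocol version identification" entries per source address and decodes the escaped banner. The bytes logged above decode to 80 46 01 03 01, which has the shape of an SSLv2-format ClientHello, i.e. an SSL/TLS client talking to the SSH port. The function names and the threshold of 3 are assumptions made for the example.

```python
import re
from collections import Counter

# Three of the log lines from the post, embedded so the example runs offline.
SAMPLE_LOG = r"""
Dec 26 01:55:43 server sshd[31415]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 01:56:24 server sshd[31466]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
Dec 26 12:07:58 server sshd[16434]: Bad protocol version identification '\200F\001\003\001' from 185.110.132.140
"""

# The banner is client-controlled, so match greedily and anchor at the end of
# the line: the source address is the one sshd itself wrote last.
LINE_RE = re.compile(
    r"sshd\[\d+\]: Bad protocol version identification '(?P<banner>.*)' "
    r"from (?P<ip>[0-9A-Fa-f:.]+)(?: port \d+)?\s*$"
)
OCTAL_RE = re.compile(r"\\([0-3][0-7]{2})")


def unescape_banner(text):
    """Turn the \\ooo octal escapes in the logged banner back into raw bytes."""
    out, pos = bytearray(), 0
    for m in OCTAL_RE.finditer(text):
        out += text[pos:m.start()].encode("latin-1", "replace")
        out.append(int(m.group(1), 8))
        pos = m.end()
    return bytes(out + text[pos:].encode("latin-1", "replace"))


def classify(raw):
    """Guess which protocol the client spoke to the SSH port."""
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        return "SSLv2-compatible ClientHello"  # 2-byte header, msg type 1
    if raw[:2] == b"\x16\x03":
        return "TLS handshake record"
    if raw.startswith((b"GET ", b"POST ", b"HEAD ", b"OPTIONS ")):
        return "HTTP request"
    return "unknown"


def summarize(log_text, threshold=3):
    """Return {ip: (count, [banner kinds])} for sources at or over threshold."""
    hits, kinds = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits[m["ip"]] += 1
            kinds.setdefault(m["ip"], set()).add(classify(unescape_banner(m["banner"])))
    return {ip: (n, sorted(kinds[ip])) for ip, n in hits.items() if n >= threshold}
```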


Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4.