
udp-badchecksum.conf

Verfasst: Mo 11. Apr 2016, 19:13
von THE-AB
System:
Debian Jessie
Fail2Ban v0.8.13


Mar 22 18:10:30 server kernel: [3622979.049539] UDP: bad checksum. From 176.59.104.217:39606 to 64.125.172.55:6501 ulen 15
Mar 22 18:10:32 server kernel: [3622981.129808] UDP: bad checksum. From 176.59.104.217:51806 to 64.125.172.55:6502 ulen 15
Mar 23 18:23:35 server kernel: [3710164.045868] UDP: bad checksum. From 176.59.107.30:15908 to 64.125.172.55:6501 ulen 15
Mar 23 18:23:40 server kernel: [3710169.285334] UDP: bad checksum. From 176.59.107.30:39406 to 64.125.172.55:6500 ulen 15
/etc/fail2ban/jail.conf


# Jail: bans the source address taken from kernel "UDP: bad checksum" lines in
# kern.log, as matched by the udp-badchecksum filter.
#
# NOTE(review): UDP has no handshake, so the "From" address in these kernel
# messages is whatever the packet header claimed and can be forged. With
# maxretry = 2, two malformed datagrams carrying a forged source are enough to
# get an unrelated address banned. List addresses that must never be blocked
# in ignoreip and keep bantime short.
[udp-badchecksum]
enabled = true
# NOTE(review): "port" is set twice in this section (here and two lines
# below); only one value can take effect. The iptables-allports action is not
# expected to use the port value at all - confirm and drop one of the lines.
port     = all
# Ban applies to every port rather than a single service port.
banaction = iptables-allports
port     = anyport
# Name of the filter file in filter.d (without the .conf suffix).
filter = udp-badchecksum
# Passed to the ban action; presumably limits the block to UDP traffic from
# the banned address - verify against the action definition.
protocol = udp
logpath = /var/log/kern.log
# Number of matching log lines from one address before it is banned.
maxretry = 2
/etc/fail2ban/filter.d/udp-badchecksum.conf


# Fail2Ban configuration file
#
# Filter for kernel "UDP: bad checksum" messages; extracts the sender address
# that follows "From" so the jail can ban it.
#
[Definition]
# Option: failregex
# Notes.: regex to match the UDP: bad checksum messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>"
# fails on test.
# Values: TEXT
#
# NOTE(review): the note above says <HOST> failed in testing, yet the active
# failregex below uses <HOST> and the explicit-group variant is the one that
# is commented out. One of the two is stale; check both against a sample of
# kern.log with fail2ban-regex.
#
# NOTE(review): the active pattern is unanchored and the "." after "checksum"
# is unescaped, so it matches any character. A stricter form that also pins
# the rest of the line (constructed from the sample log lines, untested):
#   UDP: bad checksum\. From <HOST>:\d+ to \S+ ulen \d+\s*$
#
# NOTE(review): the matched address comes from a UDP header and can be forged;
# treat a match as a weak signal, not as proof of who sent the packet.
#
#failregex = UDP: bad checksum. From (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
failregex = UDP: bad checksum. From <HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
# Left empty: no matching line is excluded.
ignoreregex =