fail2ban plugin/filter #30
Description
Implement a fail2ban plugin/filter to ban clients that have repeated errors. Cases to consider:
- Sending commands that are not implemented. AUTH is a very common one.
- Dropping connections on the client side.
- SSL negotiation errors. Careful here, we may be scanned by internet-census.org, and that's legit.
Examples of internet-census.org scans:
mailfilter[611136]: [error] [smtp_hdlr_starttls smtp_server.c:1045] 140485978855232:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1686:
mailfilter[611138]: [error] [smtp_hdlr_starttls smtp_server.c:1045] 140485978855232:error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low:ssl/statem/statem_srvr.c:1686:
From the whois.ripe.net database:
Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries
We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports
To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: optout@internet-census.org
Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed