Replies: 1 comment
-
Shortly: fail2ban is very dynamic tool, so this is completely depending on its configuration.
It depends on the filter used, or else which
Default sshd jail has parameter
Not an issue, so moved to discussions as question. |
Beta Was this translation helpful? Give feedback.
-
Does Fail2Ban actually only bans after failed login attempts or also if an IP address just connects to SSH (multiple times) without at all trying to login? I ask, because I personally do not use Fail2Ban, but I found records in the abuseipdb "Fail2Ban Ban Triggered" (flags Hacking, Brute-Force) and I am not sure if that can be clearly be seen as login attempts or port scanning only.
Beta Was this translation helpful? Give feedback.
All reactions