Within 10 minutes of opening port 22 on my router, Fail2ban had already blocked 7 IP. Most of them coming from China. Is it possible for fail2ban to parse through the reverse IP lookup and email the ISP (provide the IP date & time) advising them that a user is using their network to hack computer. Perhaps after receiving so many email they would take some actions.
Fail2ban notification
-
- OMV 5.x
- excalibure
-
An easier solution for you would be to move your ssh port away from 22 to something obscure. Mine isn't on port 22 and I get zero such attempts to connect to it.
-
Within 10 minutes of opening port 22 on my router, Fail2ban had already blocked 7 IP. Most of them coming from China. Is it possible for fail2ban to parse through the reverse IP lookup and email the ISP (provide the IP date & time) advising them that a user is using their network to hack computer. Perhaps after receiving so many email they would take some actions.
Lol, ISP's don't give a crap, sorry to break it to you. The only action they'll likely take is to ban your IP from sending them emails to them. Best solution is what @gderf said earlier, use a completely random port on your router forwarded to port 22 on your machine. So, would look like this.
your.public.ip.address:39341--->your.machine.ip.address:22
Me personally, I use two routers for SSH. My main one is forwarded to the second one, which is running SSH on it and has a static IP address. I then use this second router to SSH into my machine, which also has fail2ban running on it, so even if the second router is somehow compromised, they'll literally only get three chances to figure out my PW before a permaban.
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!