Discussion:
request: add IP address to a log message to allow blocking
IMAP List Administration
2016-03-29 11:23:38 UTC
Hello,

I'm seeing a lot of messages like this:

fatal: Read from socket failed: Connection reset by peer [preauth]

I presume they are the result of someone trying a brute-force attack of some
kind, and would like to ban the attacker, but cannot, because the IP address is
missing.

If you haven't already, can you please add the IP address to this message, and
any similar messages? I'm using version 6.7p1.

thanks,
Rob
Damien Miller
2016-03-29 22:10:00 UTC
Post by IMAP List Administration
Hello,
fatal: Read from socket failed: Connection reset by peer [preauth]
I presume they are the result of someone trying a brute-force attack of some
kind, and would like to ban the attacker, but cannot, because the IP address is
missing.
If you haven't already, can you please add the IP address to this message, and
any similar messages? I'm using version 6.7p1.
I actually added that recently. It will be in openssh-7.3, due in a
couple of months.

-d
Daniel Kahn Gillmor
2016-03-29 22:22:26 UTC
Post by Damien Miller
Post by IMAP List Administration
If you haven't already, can you please add the IP address to this message, and
any similar messages? I'm using version 6.7p1.
I actually added that recently. It will be in openssh-7.3, due in a
couple of months.
Will it be configurable? There are situations where people actively
don't want to have any IP addresses logged for legal reasons, and
ideally it would be easy to get diagnostics without risks of IP
addresses being written to log storage.

--dkg
Martin Schröder
2016-03-29 22:37:13 UTC
Post by Daniel Kahn Gillmor
Will it be configurable? There are situations where people actively
don't want to have any IP addresses logged for legal reasons, and
ideally it would be easy to get diagnostics without risks of IP
addresses being written to log storage.
Aye. Or scramble the lower octet of IPv4 addresses (don't know what's
the equivalent for IPv6).

Best
Martin
Damien Miller
2016-03-30 09:10:29 UTC
Post by Daniel Kahn Gillmor
Post by Damien Miller
Post by IMAP List Administration
If you haven't already, can you please add the IP address to this message, and
any similar messages? I'm using version 6.7p1.
I actually added that recently. It will be in openssh-7.3, due in a
couple of months.
Will it be configurable? There are situations where people actively
don't want to have any IP addresses logged for legal reasons, and
ideally it would be easy to get diagnostics without risks of IP
addresses being written to log storage.
No, it won't be configurable. We've always logged IP addresses in some
circumstances, we're just being more consistent in doing so. Anyone who
has had special requirements around log privacy should have implemented
filtering years ago.

-d
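
A log filter of the kind the last reply refers to, using the low-octet masking suggested earlier in the thread, as an added example (not code from the thread or from OpenSSH). The /64 cut for IPv6 is an assumption, the names are hypothetical, and the sample log lines are constructed.

```python
import ipaddress
import re

# Runs of characters that can occur in an IPv4/IPv6 literal. Every run is
# validated with the ipaddress module before anything is rewritten.
_TOKEN = re.compile(r"[0-9A-Fa-f:.]{3,}")
V4_KEEP_BITS = 24  # zero the low octet, as suggested in the thread
V6_KEEP_BITS = 64  # assumption: keep only the /64 network prefix


def _mask_addr(text):
    """Return text with its host bits zeroed, or None if it is not an IP."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    if addr.version == 6 and addr.ipv4_mapped is not None:
        v4 = ipaddress.ip_network(f"{addr.ipv4_mapped}/{V4_KEEP_BITS}", strict=False)
        return f"::ffff:{v4.network_address}"
    keep = V4_KEEP_BITS if addr.version == 4 else V6_KEEP_BITS
    net = ipaddress.ip_network(f"{addr}/{keep}", strict=False)
    return str(net.network_address)


def _mask_token(match):
    token = match.group(0)
    # Try the run as-is, then without sentence punctuation glued to its end.
    for core in (token, token.rstrip("."), token.rstrip(".:")):
        masked = _mask_addr(core)
        if masked is not None:
            return masked + token[len(core):]
    return token  # timestamps, ports, PIDs and hex-looking words stay as-is


def scrub_line(line):
    """Mask every IP literal in one log line; all other text is unchanged."""
    return _TOKEN.sub(_mask_token, line)


# Constructed sample lines using documentation addresses, not real sshd output.
SAMPLES = [
    "Mar 29 11:23:38 host sshd[811]: Failed password for root from 203.0.113.77 port 52314 ssh2",
    "Mar 29 11:23:40 host sshd[812]: Connection closed by 2001:db8:12:34:a1b2:c3d4:e5f6:7 port 40022 [preauth]",
    "Mar 29 11:23:41 host sshd[813]: fatal: Read from socket failed: Connection reset by peer [preauth]",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(scrub_line(line))
```

Masked addresses still group events by /24 or /64, so rate counting and network-level blocking remain possible on the scrubbed log while individual hosts are no longer stored.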
