Is there an RFxnetworks brute force detector bypass???
I run the BFD and APF from http://rfxnetworks.com/ and have received 6097 failed login attempts from the same IP, which BFD should have blocked.
The IP was (I am blocking the last 2 octets to protect the guilty):
173.8.x.x
But on the 6th failed login, the entry inserted into /etc/apf/deny_hosts.rules
is: 173-8-x-x-sfba.hfc.comcastbusiness.net
(this host name does not ping)
When I try to manually add 173.8.x.x, I get the error:
# apf -d 173.8.x.x
173.8.x.x already exists in /etc/apf/deny_hosts.rules
Also in /var/log/secure, I noticed the IP in this format:
::ffff:173.8.x.x
Why is the BFD resolving the IP to a hostname?
How can I get it to just block the IP?
TIA
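
A check for the symptom described in the post above, added here as an example (not part of the original post and not BFD or APF code): it unwraps `::ffff:`-mapped addresses from sshd log lines, lists deny-file entries that are not IP literals, and reports addresses over a threshold that no IP or CIDR entry covers. The log lines, deny entries, function names, threshold and the one-entry-per-line, `#`-comment file layout are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data, not from the original post (documentation address ranges).
SAMPLE_SECURE_LOG = """\
Jan 10 03:12:01 host sshd[2211]: Failed password for root from ::ffff:203.0.113.7 port 40112 ssh2
Jan 10 03:12:04 host sshd[2213]: Failed password for invalid user admin from ::ffff:203.0.113.7 port 40140 ssh2
Jan 10 03:12:09 host sshd[2215]: Failed password for root from 203.0.113.7 port 40177 ssh2
Jan 10 03:15:30 host sshd[2290]: Failed password for root from 198.51.100.20 port 51515 ssh2
"""
SAMPLE_DENY_RULES = """\
# constructed comment line
7-113-0-203.example.net
198.51.100.20
"""
FAILED_RE = re.compile(r"Failed password for .* from (\S+) port \d+")

def normalize_ip(text):
    """Canonical address string with ::ffff:a.b.c.d unwrapped to a.b.c.d; None if not an IP."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    mapped = getattr(addr, "ipv4_mapped", None)  # only set on IPv4-mapped IPv6 addresses
    return str(mapped if mapped is not None else addr)

def parse_deny_rules(text):
    """Split deny entries into IP/CIDR networks and entries that are not IP literals."""
    networks, non_ip = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # assumed layout: one entry per line, '#' comments
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            non_ip.append(entry)  # e.g. a hostname, which never matches a packet's source IP
    return networks, non_ip

def failed_logins(log_text):
    """Count failed sshd password attempts per normalized source address."""
    hits = (normalize_ip(m.group(1)) for m in FAILED_RE.finditer(log_text))
    return Counter(ip for ip in hits if ip)

def unblocked_offenders(log_text, deny_text, threshold=3):
    """Addresses at or over the threshold that no IP/CIDR deny entry covers."""
    networks, _ = parse_deny_rules(deny_text)
    return {ip: n for ip, n in failed_logins(log_text).items()
            if n >= threshold and not any(ipaddress.ip_address(ip) in net for net in networks)}
```

On the constructed data, `parse_deny_rules(SAMPLE_DENY_RULES)[1]` returns the hostname entry and `unblocked_offenders(SAMPLE_SECURE_LOG, SAMPLE_DENY_RULES)` returns the address whose mapped and plain forms together reach the threshold.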