LinuxQuestions.org

Linux - Server: fail2ban.server : ERROR Unexpected communication error (http://www.linuxquestions.org/questions/linux-server-73/fail2ban-server-error-unexpected-communication-error-717010/)

roy-arne 04-05-2009 01:44 PM

fail2ban.server : ERROR Unexpected communication error
 
Hi,
I have a randomly set port number on my FTP server. Still I'm struggling with a very high number of connections against my FTP server. They hit every second. I've encrypted my FTP, and no anonymous FTP is allowed. I've enabled iptables and fail2ban. But when I start fail2ban and check the log files, they are full of this error:

fail2ban.server : ERROR Unexpected communication error

Have anyone seen that before?

roy-arne 04-05-2009 04:13 PM

Happy to hear any suggestions about how to get the hammering on my FTP server to stop.

saman007uk 04-05-2009 07:45 PM

What do you mean by "encrypted FTP"? Did you mean that you are using SFTP instead?

Are you starting fail2ban as root? Try increasing the loglevel in the fail2ban configuration. That should give you some more information on that error.

To stop the attacks, you could change the port that FTP is listening on. Alternatively, you could use iptables to limit FTP connection rates to no more than 2 in a certain time, say 10 minutes:
Code:

# Both rules are inserted (-I) at the top of INPUT, so the second command
# lands above the first: the DROP check runs before the attempt is recorded.
# Change --dport to the port your FTP daemon really listens on.
iptables -I INPUT -p tcp --dport 21 -i eth0 -m state --state NEW -m recent \
  --set

# Drop a new connection from a source with 2 or more attempts recorded in
# the last 600 s; --update also refreshes the entry on every dropped packet.
iptables -I INPUT -p tcp --dport 21 -i eth0 -m state --state NEW -m recent \
  --update --seconds 600 --hitcount 2 -j DROP

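How many connections the two rules above actually let through depends on how the `recent` match counts hits and on the order the two `-I` commands leave the rules in. The simulation below is an added illustration, not code from this thread or from the iptables or fail2ban projects. It models xt_recent as I understand the kernel module: `--set` creates or refreshes an address entry, `--rcheck` and `--update` count the entry's timestamps that fall inside `--seconds` and match once that count reaches `--hitcount`, and `--update` additionally refreshes the entry on a match while `--rcheck` does not. The trace of one source address opening a new connection every second is constructed, and the rule order (DROP check first, then the bare `--set` rule) is the one the two `-I` commands produce.

```python
"""Simulate the iptables `recent` match (xt_recent) behind the two rules above.

Added example, not code from the thread. The packet trace and the source
address are constructed. Semantics modelled on xt_recent: --set creates or
refreshes an entry, --rcheck/--update count the entry's timestamps inside
--seconds and match when that count reaches --hitcount, --update also
refreshes the entry on a match.
"""
from collections import deque

PKT_LIST_TOT = 20  # xt_recent default ip_pkt_list_tot: timestamps kept per address


class RecentTable:
    def __init__(self, pkt_list_tot=PKT_LIST_TOT):
        self.entries = {}
        self.pkt_list_tot = pkt_list_tot

    def set(self, ip, now):
        """--set: create the entry or add a timestamp to it (never terminates)."""
        stamps = self.entries.setdefault(ip, deque(maxlen=self.pkt_list_tot))
        stamps.append(now)

    def check(self, ip, now, seconds, hitcount, update):
        """--rcheck (update=False) or --update (update=True) with --seconds/--hitcount.

        Returns True when the rule matches, i.e. the packet would hit -j DROP.
        Only timestamps already in the entry are counted; the current packet
        is recorded afterwards, and only by --update or by a later --set."""
        stamps = self.entries.get(ip)
        if stamps is None:
            return False
        hits = sum(1 for s in stamps if s >= now - seconds)
        matched = hits >= hitcount
        if matched and update:
            stamps.append(now)
        return matched


def simulate(trace, seconds=600, hitcount=2, update=True):
    """Run (time, ip) new-connection attempts through the order the two
    `iptables -I` commands produce: the DROP rule was inserted last, so it is
    evaluated first; the bare --set rule follows. Returns (time, ip, verdict)."""
    table = RecentTable()
    verdicts = []
    for now, ip in trace:
        if table.check(ip, now, seconds, hitcount, update):
            verdicts.append((now, ip, "DROP"))
            continue
        table.set(ip, now)
        verdicts.append((now, ip, "ACCEPT"))  # falls through to later rules
    return verdicts


def accepted_count(trace, **kw):
    return sum(1 for _, _, v in simulate(trace, **kw) if v == "ACCEPT")


# Constructed traces: one address (documentation range) connecting every second.
BURST = [(t, "203.0.113.7") for t in range(0, 5)]
HAMMER = [(t, "203.0.113.7") for t in range(0, 1200)]  # 20 minutes of hammering

if __name__ == "__main__":
    for now, ip, v in simulate(BURST):
        print(f"t={now:4d} {ip} {v}")
    print("20 min hammering, --update :", accepted_count(HAMMER, update=True))
    print("20 min hammering, --rcheck :", accepted_count(HAMMER, update=False))
```

With the rules in this order the first two attempts in a window are accepted and the third onwards dropped, so a host gets 2 new connections per 600 seconds, which is the limit the post describes. The difference between `--update` and `--rcheck` only shows up against a persistent source: with `--update` every dropped packet refreshes the entry, so a host that keeps hammering stays blocked for as long as it keeps trying (2 connections in 20 minutes in the trace), whereas with `--rcheck` the two original timestamps age out after 600 seconds and the host gets another pair through (4 in 20 minutes). The per-address history is capped at `ip_pkt_list_tot` timestamps (20 by default), which does not change these counts here.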

roy-arne 04-12-2009 05:22 PM

Quote:

Originally Posted by saman007uk (Post 3499460)
What do you mean by "encrypted FTP"? Did you mean that you are using SFTP instead?

Are you starting fail2ban as root? Try increasing the loglevel in the fail2ban configuration. That should give you some more information on that error.

To stop the attacks, you could change the port that FTP is listening on. Alternatively, you could use iptables to limit FTP connection rates to no more than 2 in a certain time, say 10 minutes:
Code:

# Both rules are inserted (-I) at the top of INPUT, so the second command
# lands above the first: the DROP check runs before the attempt is recorded.
# Change --dport to the port your FTP daemon really listens on.
iptables -I INPUT -p tcp --dport 21 -i eth0 -m state --state NEW -m recent \
  --set

# Drop a new connection from a source with 2 or more attempts recorded in
# the last 600 s; --update also refreshes the entry on every dropped packet.
iptables -I INPUT -p tcp --dport 21 -i eth0 -m state --state NEW -m recent \
  --update --seconds 600 --hitcount 2 -j DROP


By encrypted I mean that I use TLS encryption.

I tried increasing the loglevel, but I got the same error. It did not give me any other hints.

I tried doing what you suggested with iptables, but there are still a lot of connections against me. Why do you think changing the port will help? They are obviously port scanning me?

saman007uk 04-12-2009 05:43 PM

Try reinstalling fail2ban.

If you are getting many connections to FTP, it obviously is not a port scan, since port scans by definition scan a range of ports. What you are describing is a brute force attack.

