IP address of a client which is scanning ports

Petr Krejci 3 years ago

Hi, is it possible to display the IP address of a client which sent no data and only opened the connection?
I have many records in the log

2023-03-25 11:56:22  INFO: [Ta2086120] connected
2023-03-25 11:56:32  INFO: [Ta2086120] timed out
2023-03-25 11:56:32  INFO: [Ta2086120] disconnected
2023-03-25 11:57:03  INFO: [T59d367ae] connected
2023-03-25 11:57:13  INFO: [T59d367ae] timed out
2023-03-25 11:57:13  INFO: [T59d367ae] disconnected
..

again and again

I already allowed connections only from my mobile ISP.

I want to use fail2ban to monitor the logs and ban these IP addresses.

I set processing.remoteAddress.enable, but nothing.

Thx Petr

Anton Tananaev 3 years ago

We only show IP if it sends some data. You can use some external tool like Wireshark to see the address.

Petr Krejci 3 years ago

Thx, I added the IP address to the timeout message, and compiled it.
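
An added example, not part of the original thread or of Traccar's code: a Python script that correlates the connected / timed out lines above by session id and counts idle timeouts per address. The ` from <ip>` suffix on the timeout line is an assumed format for a patched build like the one described in the last post, and every sample line after the first six is constructed.

```python
import re
from collections import Counter

# Log format as shown in the thread. The " from <ip>" suffix on timeouts is an
# ASSUMED format for a locally patched build, not stock Traccar output.
LINE = re.compile(r"^\S+ \S+\s+INFO: \[(?P<sid>T\w+)[^\]]*\] (?P<rest>.*)$")
TIMEOUT = re.compile(r"^timed out(?: from (?P<ip>[0-9A-Fa-f.:]+))?$")

def idle_sessions(lines):
    """Return [(session_id, ip_or_None)] for connections that timed out
    without any data line logged between 'connected' and 'timed out'."""
    idle = set()   # sessions that have logged 'connected' and nothing else yet
    found = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        sid, rest = m["sid"], m["rest"]
        t = TIMEOUT.match(rest)
        if rest == "connected":
            idle.add(sid)
        elif t and sid in idle:
            found.append((sid, t["ip"]))
        else:
            idle.discard(sid)  # data, disconnect, or a timeout after data
    return found

def ban_candidates(lines, threshold=2):
    """IPs with at least `threshold` idle timeouts (needs the patched format)."""
    counts = Counter(ip for _, ip in idle_sessions(lines) if ip)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

# First six lines are from the thread; the rest are constructed samples.
SAMPLE = """\
2023-03-25 11:56:22  INFO: [Ta2086120] connected
2023-03-25 11:56:32  INFO: [Ta2086120] timed out
2023-03-25 11:56:32  INFO: [Ta2086120] disconnected
2023-03-25 11:57:03  INFO: [T59d367ae] connected
2023-03-25 11:57:13  INFO: [T59d367ae] timed out
2023-03-25 11:57:13  INFO: [T59d367ae] disconnected
2023-03-25 11:58:00  INFO: [Tc0000001] connected
2023-03-25 11:58:10  INFO: [Tc0000001] timed out from 203.0.113.7
2023-03-25 11:58:40  INFO: [Tc0000002] connected
2023-03-25 11:58:50  INFO: [Tc0000002] timed out from 203.0.113.7
2023-03-25 11:59:00  INFO: [Tc0000003] connected
2023-03-25 11:59:01  INFO: [Tc0000003: gps103 < 198.51.100.9] 696d6569
2023-03-25 11:59:31  INFO: [Tc0000003] timed out from 198.51.100.9
""".splitlines()
```

With the unpatched log lines the idle sessions are still found, but no address is available to ban, which matches the answer given in the thread.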