What was happened with this attacker?!

Security
1

Hello.
Today I have received a nice visit from a nice people from the world trying to get married with my server behind the ipfire :slight_smile:

My question is: ok… have established an handshake on port 443…that is open, after have tried to establish connection using the previous established connection from 443 to the port 80 that is closed. After I see two ping requests… and a latest trying on the por 22…

Could be a nice technics to set a trigger on this kind of attacks where the firewall ban completely the source IP?

Thank you.

ipfire localdomain - Firewall log Country (3)
ipfire localdomain - Firewall log Country (3)840×74 32 KB

2

Fail2Ban. Mabye one day it will be considered interesting as package. Otherwise… IPS.

3

What IPS I can use with Ipfire?

4

IPFire Wiki - Intrusion Prevention System (IPS)

5

Hello.
It is already enabled…
There is a particular setting that I need to do?!?