With
UDP 68.69.184.114 → I think it is the IP of the intruder
@82.65.230.115 → It is my public IP (modified for the case)
@172.21.17.132 → It is a bogon network… Strange!
IP4 192.168.1.83 → Not my local network
Is there someone who can explain?
Why does my Fail2ban not see the attack?
How can I prevent these attacks?
On the balance of probabilities, it is an attack (although any system open to the internet will be subject to attacks, so attacks should be considered normal).
However, the error is due to a bogus space in the request URI, not to any attack.
Fail2ban will typically be set up to block based on authentication failures, not on malformed requests.
Why aren’t you using a proper firewall setup that actively is blocking unknown sources like this? Fail2ban is not a singular solution that should be used. It doesn’t stop attacks from happening the first time, it stops them from happening a second time (if you’re lucky). You should be stopping these things the first time, properly.
I just did it!
It was a pain to set up my pfSense correctly with OpenVPN for remote access and get all services functional.
This is done now, and it seems that all widely opened access is now closed.
I still monitor CLI security details to ensure everything is correct.