Re: [OT] odd network question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, Aug 05, 2019 at 09:31:56AM +0100, Giles Coochey wrote:
> 
> On 05/08/2019 09:18, Pete Biggs wrote:
> > > I've found the default 10min bans hardly bother some attackers.
> > > So I've added the "recidive" feature of fail2ban.  After the
> > > second 10min ban, the attacker is blocked for 1 week.
> > > 
> > Oh definitely. My systems are set to "3 bans and you're out" - a
> > recidive ban is permanent after three other bans.  I have large parts
> > of some subnets in my ban list as attackers just move from one host to
> > another as they get banned.
> > 
> > P.
> > 
> I worked for a company some time back that had an association with a South
> African company who wanted to host some infrastructure in our data centre,
> the network admin there wanted a specific configuration for outbound source
> NAT from a certain host that would scroll through a list of source NAT IP
> addresses (think a whole /24) for every connection attempt, pretty sure it
> was for sending unsolicited emails, in any case the association with that
> company didn't last and I took redundancy after less than a year there.

Now that would be a single firewall rule and a kernel ipset.

jl
-- 
Jon H. LaBadie                 jon@xxxxxxxxxx
 11226 South Shore Rd.          (703) 787-0688 (H)
 Reston, VA  20190              (703) 935-6720 (C)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux