Re: [OT] odd network question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 


On 06/08/2019 00:12, Jon LaBadie wrote:

On Mon, Aug 05, 2019 at 09:31:56AM +0100, Giles Coochey wrote:

On 05/08/2019 09:18, Pete Biggs wrote:

I've found the default 10min bans hardly bother some attackers.
So I've added the "recidive" feature of fail2ban.  After the
second 10min ban, the attacker is blocked for 1 week.


Oh definitely. My systems are set to "3 bans and you're out" - a
recidive ban is permanent after three other bans.  I have large parts
of some subnets in my ban list as attackers just move from one host to
another as they get banned.

P.


I worked for a company some time back that had an association with a South
African company who wanted to host some infrastructure in our data centre,
the network admin there wanted a specific configuration for outbound source
NAT from a certain host that would scroll through a list of source NAT IP
addresses (think a whole /24) for every connection attempt, pretty sure it
was for sending unsolicited emails, in any case the association with that
company didn't last and I took redundancy after less than a year there.

Now that would be a single firewall rule and a kernel ipset.
Well, yes - I had a conversation with the guy, and he always had an answer, "oh if that happens I can do this", he said that with real pride - a real slippery lizard in my opinion and at the back of my head was, "maybe the people you're sending emails to just don't want to receive them! And that's why you're jumping through these countless hoops, if you actually had proper opt-in, with a working opt-out per default you might not need this awful hack", there are companies out there specifically selling IP addresses with good reputations to companies who ruin that IP range's reputation, once they reputation has been ruined I guess they get discarded, sold on to another company who only then finds out that they can't run a mail server on that range because its been added to every blocklist on the planet. 
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux