Re: Blocking attacks from a range of IP addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

> > > 
> > As far as I can see fail2ban only deals with hosts and not networks - I
> > suspect the issue is what is a "network": It may be obvious to you
> > looking at the logs that these are all related, but you run the risk
> > that getting denied accesses from, say, 1.0.0.1 and 1.1.0.93 and
> > 1.2.0.124 may be interpreted as a concerted attack and you banning half
> > the internet - but that may not be a bad thing :-)
> > 
> 
> Since you can configure fail2ban to invoke scripts, I would think it
> would be possible to get it to block CIDRs (variable size subnets, i.e.
> 12.12.0.0/20).  That said, I don't have a quick and easy implementation
> on hand.

The OP was looking for an automated way of fail2ban doing it - he had
already sorted out the network range and had stopped this particular
DoS attack. 

P.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux