On Thu, Jan 09, 2020 at 11:49:59AM +0530, Thomas Stephen Lee wrote:
> On Thu, Jan 9, 2020 at 6:07 AM H <agents@xxxxxxxxxxxxxx> wrote:
>
> > I am being attacked by an entire subnet where the first two parts of the
> > IP address remain identical but the last two parts vary sufficiently that
> > it is not caught by fail2ban since the attempts do not meet the cut-off of
> > a certain number of attempts within the given time.
> >
> > Has anyone created a fail2ban filter for this type of attack? As of right
> > now, I have manually banned a range of IP addresses but would like to
> > automate it for the future.
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > https://lists.centos.org/mailman/listinfo/centos
>
>
> Hi,
>
> I am not an expert but,
> you can try creating an ipset with the the range you need and do a drop in
> iptables or firewalld.
> We have used ipsets with bare iptables in CentOS 6, and firewalld in CentOS
> 7.
> fail2ban also uses ipsets in CentOS 7.
>
Ditto, both in C6 and C7.
jl
--
Jon H. LaBadie jon@xxxxxxxxxx
11226 South Shore Rd. (703) 787-0688 (H)
Reston, VA 20190 (703) 935-6720 (C)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
