Re: Blocking attacks from a range of IP addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, Jan 09, 2020 at 11:49:59AM +0530, Thomas Stephen Lee wrote:
> On Thu, Jan 9, 2020 at 6:07 AM H <agents@xxxxxxxxxxxxxx> wrote:
> 
> > I am being attacked by an entire subnet where the first two parts of the
> > IP address remain identical but the last two parts vary sufficiently that
> > it is not caught by fail2ban since the attempts do not meet the cut-off of
> > a certain number of attempts within the given time.
> >
> > Has anyone created a fail2ban filter for this type of attack? As of right
> > now, I have manually banned a range of IP addresses but would like to
> > automate it for the future.
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > https://lists.centos.org/mailman/listinfo/centos
> 
> 
> Hi,
> 
> I am not an expert but,
> you can try creating an ipset with the the range you need and do a drop in
> iptables or firewalld.
> We have used ipsets with bare iptables in CentOS 6, and firewalld in CentOS
> 7.
> fail2ban also uses ipsets in CentOS 7.
> 
Ditto, both in C6 and C7.

jl
-- 
Jon H. LaBadie                 jon@xxxxxxxxxx
 11226 South Shore Rd.          (703) 787-0688 (H)
 Reston, VA  20190              (703) 935-6720 (C)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux