[Fail2ban-users] fail2ban enhancement idea - block subnets when "too many" individual IPs are block

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Lately the semi-brute force attackers have begun spreading out their attacks across larger groups of source IP addresses.

What do you think of the idea of teaching fail2ban to block subnets after some configurable percentage of the IP addresses within the subnet have been blocked?

thanks,
Jay

-----Original Message-----
From: logwatch
Received: Friday, 26 Oct 2012, 4:05
To: root
Subject: Logwatch for (Linux)

################### Logwatch 7.3 (03/24/06) ####################
Processing Initiated: Fri Oct 26 04:02:41 2012
Date Range Processed: yesterday
( 2012-Oct-25 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host:
##################################################################

--------------------- fail2ban-messages Begin (detail=5) ------------------------

Banned services with Fail2Ban: Bans:Unbans
postfix-iptables: [218:0 ]
1.160.217.151 (1-160-217-151.dynamic.hinet.net) 1:0
1.160.220.157 (1-160-220-157.dynamic.hinet.net) 1:0
1.160.221.155 (1-160-221-155.dynamic.hinet.net) 1:0
1.160.223.62 (1-160-223-62.dynamic.hinet.net) 1:0
1.160.226.145 (1-160-226-145.dynamic.hinet.net) 1:0
1.160.227.22 (1-160-227-22.dynamic.hinet.net) 1:0
1.160.228.136 (1-160-228-136.dynamic.hinet.net) 1:0
1.160.230.157 (1-160-230-157.dynamic.hinet.net) 1:0
1.160.244.61 (1-160-244-61.dynamic.hinet.net) 1:0
1.163.130.177 (1-163-130-177.dynamic.hinet.net) 1:0
1.163.130.231 (1-163-130-231.dynamic.hinet.net) 1:0
1.163.131.181 (1-163-131-181.dynamic.hinet.net) 1:0
1.163.131.185 (1-163-131-185.dynamic.hinet.net) 1:0
1.163.131.252 (1-163-131-252.dynamic.hinet.net) 1:0
1.163.132.203 (1-163-132-203.dynamic.hinet.net) 1:0
1.163.133.43 (1-163-133-43.dynamic.hinet.net) 1:0
1.163.134.128 (1-163-134-128.dynamic.hinet.net) 1:0
1.163.135.201 (1-163-135-201.dynamic.hinet.net) 1:0
1.163.137.168 (1-163-137-168.dynamic.hinet.net) 1:0
1.163.137.197 (1-163-137-197.dynamic.hinet.net) 1:0
1.163.138.241 (1-163-138-241.dynamic.hinet.net) 1:0
1.163.140.115 (1-163-140-115.dynamic.hinet.net) 1:0
1.163.141.220 (1-163-141-220.dynamic.hinet.net) 1:0
1.163.142.175 (1-163-142-175.dynamic.hinet.net) 1:0
1.163.144.61 (1-163-144-61.dynamic.hinet.net) 1:0
1.163.145.74 (1-163-145-74.dynamic.hinet.net) 1:0
1.163.147.75 (1-163-147-75.dynamic.hinet.net) 1:0
1.163.147.136 (1-163-147-136.dynamic.hinet.net) 1:0
1.163.149.245 (1-163-149-245.dynamic.hinet.net) 1:0
1.163.150.65 (1-163-150-65.dynamic.hinet.net) 1:0
1.163.150.218 (1-163-150-218.dynamic.hinet.net) 1:0
1.163.151.60 (1-163-151-60.dynamic.hinet.net) 1:0
1.163.152.141 (1-163-152-141.dynamic.hinet.net) 1:0
1.163.153.128 (1-163-153-128.dynamic.hinet.net) 1:0
1.163.153.238 (1-163-153-238.dynamic.hinet.net) 1:0
1.163.155.34 (1-163-155-34.dynamic.hinet.net) 1:0
1.163.155.98 (1-163-155-98.dynamic.hinet.net) 1:0
1.163.156.198 (1-163-156-198.dynamic.hinet.net) 1:0
1.163.157.125 (1-163-157-125.dynamic.hinet.net) 1:0
1.163.158.96 (1-163-158-96.dynamic.hinet.net) 1:0
1.163.158.212 (1-163-158-212.dynamic.hinet.net) 1:0
1.163.159.134 (1-163-159-134.dynamic.hinet.net) 1:0
1.163.159.234 (1-163-159-234.dynamic.hinet.net) 1:0
1.163.161.112 (1-163-161-112.dynamic.hinet.net) 1:0
1.163.162.116 (1-163-162-116.dynamic.hinet.net) 1:0
1.163.162.152 (1-163-162-152.dynamic.hinet.net) 1:0
1.163.165.159 (1-163-165-159.dynamic.hinet.net) 1:0
1.163.166.106 (1-163-166-106.dynamic.hinet.net) 1:0
1.163.225.19 (1-163-225-19.dynamic.hinet.net) 1:0
1.163.230.132 (1-163-230-132.dynamic.hinet.net) 1:0
1.164.89.249 (1-164-89-249.dynamic.hinet.net) 1:0
1.164.90.128 (1-164-90-128.dynamic.hinet.net) 1:0
1.164.92.86 (1-164-92-86.dynamic.hinet.net) 1:0
1.164.94.49 (1-164-94-49.dynamic.hinet.net) 1:0
1.164.96.67 (1-164-96-67.dynamic.hinet.net) 1:0
1.164.97.18 (1-164-97-18.dynamic.hinet.net) 1:0
1.164.97.83 (1-164-97-83.dynamic.hinet.net) 1:0
1.164.98.131 (1-164-98-131.dynamic.hinet.net) 1:0
1.164.98.240 (1-164-98-240.dynamic.hinet.net) 1:0
1.164.104.32 (1-164-104-32.dynamic.hinet.net) 1:0
1.164.105.161 (1-164-105-161.dynamic.hinet.net) 1:0
1.164.106.11 (1-164-106-11.dynamic.hinet.net) 1:0
1.164.107.102 (1-164-107-102.dynamic.hinet.net) 1:0
1.164.109.236 (1-164-109-236.dynamic.hinet.net) 1:0
1.164.110.104 (1-164-110-104.dynamic.hinet.net) 1:0
1.164.110.170 (1-164-110-170.dynamic.hinet.net) 1:0
1.164.110.222 (1-164-110-222.dynamic.hinet.net) 1:0
1.164.111.132 (1-164-111-132.dynamic.hinet.net) 1:0
1.164.113.40 (1-164-113-40.dynamic.hinet.net) 1:0
1.164.113.115 (1-164-113-115.dynamic.hinet.net) 1:0
1.164.115.63 (1-164-115-63.dynamic.hinet.net) 1:0
1.164.116.92 (1-164-116-92.dynamic.hinet.net) 1:0
1.164.116.117 (1-164-116-117.dynamic.hinet.net) 1:0
1.164.116.198 (1-164-116-198.dynamic.hinet.net) 1:0
1.164.118.161 (1-164-118-161.dynamic.hinet.net) 1:0
1.164.119.54 (1-164-119-54.dynamic.hinet.net) 1:0
1.164.119.233 (1-164-119-233.dynamic.hinet.net) 1:0
1.164.176.88 (1-164-176-88.dynamic.hinet.net) 1:0
1.164.179.194 (1-164-179-194.dynamic.hinet.net) 1:0
1.164.181.27 (1-164-181-27.dynamic.hinet.net) 1:0
1.164.181.139 (1-164-181-139.dynamic.hinet.net) 1:0
1.164.182.122 (1-164-182-122.dynamic.hinet.net) 1:0
1.164.182.186 (1-164-182-186.dynamic.hinet.net) 1:0
1.164.182.190 (1-164-182-190.dynamic.hinet.net) 1:0
36.224.43.30 (36-224-43-30.dynamic-ip.hinet.net) 1:0
36.224.43.105 (36-224-43-105.dynamic-ip.hinet.net) 1:0
36.224.46.253 (36-224-46-253.dynamic-ip.hinet.net) 1:0
36.224.47.78 (36-224-47-78.dynamic-ip.hinet.net) 1:0
36.224.88.48 (36-224-88-48.dynamic-ip.hinet.net) 1:0
36.224.88.250 (36-224-88-250.dynamic-ip.hinet.net) 1:0
36.224.89.138 (36-224-89-138.dynamic-ip.hinet.net) 1:0
36.224.90.250 (36-224-90-250.dynamic-ip.hinet.net) 1:0
36.224.91.158 (36-224-91-158.dynamic-ip.hinet.net) 1:0
36.225.182.144 (36-225-182-144.dynamic-ip.hinet.net) 1:0
111.243.208.78 (111-243-208-78.dynamic.hinet.net) 1:0
111.243.209.140 (111-243-209-140.dynamic.hinet.net) 1:0
111.243.210.57 (111-243-210-57.dynamic.hinet.net) 1:0
111.243.210.168 (111-243-210-168.dynamic.hinet.net) 1:0
111.243.211.12 (111-243-211-12.dynamic.hinet.net) 1:0
111.243.211.22 (111-243-211-22.dynamic.hinet.net) 1:0
111.243.211.103 (111-243-211-103.dynamic.hinet.net) 1:0
111.243.211.167 (111-243-211-167.dynamic.hinet.net) 1:0
111.250.43.118 (111-250-43-118.dynamic.hinet.net) 1:0
111.250.44.91 (111-250-44-91.dynamic.hinet.net) 1:0
111.250.65.36 (111-250-65-36.dynamic.hinet.net) 1:0
111.250.71.56 (111-250-71-56.dynamic.hinet.net) 1:0
111.250.76.79 (111-250-76-79.dynamic.hinet.net) 1:0
111.250.78.14 (111-250-78-14.dynamic.hinet.net) 1:0
111.250.86.87 (111-250-86-87.dynamic.hinet.net) 1:0
111.250.89.168 (111-250-89-168.dynamic.hinet.net) 1:0
111.250.92.209 (111-250-92-209.dynamic.hinet.net) 1:0
111.250.94.92 (111-250-94-92.dynamic.hinet.net) 1:0
111.250.98.115 (111-250-98-115.dynamic.hinet.net) 1:0
111.250.100.36 (111-250-100-36.dynamic.hinet.net) 1:0
111.250.106.246 (111-250-106-246.dynamic.hinet.net) 1:0
111.250.108.72 (111-250-108-72.dynamic.hinet.net) 1:0
111.250.121.217 (111-250-121-217.dynamic.hinet.net) 1:0
111.250.123.45 (111-250-123-45.dynamic.hinet.net) 1:0
111.250.138.234 (111-250-138-234.dynamic.hinet.net) 1:0
114.24.41.19 (114-24-41-19.dynamic.hinet.net) 1:0
114.24.43.138 (114-24-43-138.dynamic.hinet.net) 1:0
114.24.43.163 (114-24-43-163.dynamic.hinet.net) 1:0
114.24.67.16 (114-24-67-16.dynamic.hinet.net) 1:0
114.24.69.123 (114-24-69-123.dynamic.hinet.net) 1:0
114.24.73.112 (114-24-73-112.dynamic.hinet.net) 1:0
114.24.79.134 (114-24-79-134.dynamic.hinet.net) 1:0
114.36.6.104 (114-36-6-104.dynamic.hinet.net) 1:0
114.36.10.192 (114-36-10-192.dynamic.hinet.net) 1:0
114.36.90.166 (114-36-90-166.dynamic.hinet.net) 1:0
114.36.91.98 (114-36-91-98.dynamic.hinet.net) 1:0
114.36.129.166 (114-36-129-166.dynamic.hinet.net) 1:0
114.36.129.253 (114-36-129-253.dynamic.hinet.net) 1:0
114.36.130.23 (114-36-130-23.dynamic.hinet.net) 1:0
114.36.130.129 (114-36-130-129.dynamic.hinet.net) 1:0
114.36.133.93 (114-36-133-93.dynamic.hinet.net) 1:0
114.36.134.32 (114-36-134-32.dynamic.hinet.net) 1:0
114.36.134.80 (114-36-134-80.dynamic.hinet.net) 1:0
114.36.134.187 (114-36-134-187.dynamic.hinet.net) 1:0
114.42.13.225 (114-42-13-225.dynamic.hinet.net) 1:0
114.42.17.44 (114-42-17-44.dynamic.hinet.net) 1:0
114.42.128.99 (114-42-128-99.dynamic.hinet.net) 1:0
114.42.128.247 (114-42-128-247.dynamic.hinet.net) 1:0
114.42.129.76 (114-42-129-76.dynamic.hinet.net) 1:0
114.42.129.127 (114-42-129-127.dynamic.hinet.net) 1:0
114.42.129.156 (114-42-129-156.dynamic.hinet.net) 1:0
114.42.129.163 (114-42-129-163.dynamic.hinet.net) 1:0
114.42.130.114 (114-42-130-114.dynamic.hinet.net) 1:0
114.42.132.7 (114-42-132-7.dynamic.hinet.net) 1:0
114.42.134.167 (114-42-134-167.dynamic.hinet.net) 1:0
114.42.134.225 (114-42-134-225.dynamic.hinet.net) 1:0
114.42.135.139 (114-42-135-139.dynamic.hinet.net) 1:0
114.42.137.60 (114-42-137-60.dynamic.hinet.net) 1:0
114.42.137.122 (114-42-137-122.dynamic.hinet.net) 1:0
114.42.137.211 (114-42-137-211.dynamic.hinet.net) 1:0
114.42.138.79 (114-42-138-79.dynamic.hinet.net) 1:0
114.42.139.140 (114-42-139-140.dynamic.hinet.net) 1:0
114.42.139.229 (114-42-139-229.dynamic.hinet.net) 1:0
114.42.143.202 (114-42-143-202.dynamic.hinet.net) 1:0
114.42.152.232 (114-42-152-232.dynamic.hinet.net) 1:0
114.42.153.53 (114-42-153-53.dynamic.hinet.net) 1:0
114.42.156.16 (114-42-156-16.dynamic.hinet.net) 1:0
114.42.156.98 (114-42-156-98.dynamic.hinet.net) 1:0
114.42.157.24 (114-42-157-24.dynamic.hinet.net) 1:0
114.42.158.26 (114-42-158-26.dynamic.hinet.net) 1:0
114.42.158.161 (114-42-158-161.dynamic.hinet.net) 1:0
114.44.96.5 (114-44-96-5.dynamic.hinet.net) 1:0
114.44.96.197 (114-44-96-197.dynamic.hinet.net) 1:0
114.44.96.226 (114-44-96-226.dynamic.hinet.net) 1:0
114.44.97.65 (114-44-97-65.dynamic.hinet.net) 1:0
114.44.97.84 (114-44-97-84.dynamic.hinet.net) 1:0
114.44.97.153 (114-44-97-153.dynamic.hinet.net) 1:0
114.44.97.242 (114-44-97-242.dynamic.hinet.net) 1:0
114.44.99.49 (114-44-99-49.dynamic.hinet.net) 1:0
114.44.99.157 (114-44-99-157.dynamic.hinet.net) 1:0
114.44.100.158 (114-44-100-158.dynamic.hinet.net) 1:0
114.44.101.87 (114-44-101-87.dynamic.hinet.net) 1:0
114.44.101.140 (114-44-101-140.dynamic.hinet.net) 1:0
114.44.101.219 (114-44-101-219.dynamic.hinet.net) 1:0
114.44.101.247 (114-44-101-247.dynamic.hinet.net) 1:0
114.44.102.24 (114-44-102-24.dynamic.hinet.net) 1:0
114.44.103.16 (114-44-103-16.dynamic.hinet.net) 1:0
114.44.103.98 (114-44-103-98.dynamic.hinet.net) 1:0
114.44.103.232 (114-44-103-232.dynamic.hinet.net) 1:0
114.44.104.89 (114-44-104-89.dynamic.hinet.net) 1:0
114.44.104.208 (114-44-104-208.dynamic.hinet.net) 1:0
114.44.104.216 (114-44-104-216.dynamic.hinet.net) 1:0
114.44.104.219 (114-44-104-219.dynamic.hinet.net) 1:0
114.44.105.96 (114-44-105-96.dynamic.hinet.net) 1:0
114.44.105.236 (114-44-105-236.dynamic.hinet.net) 1:0
114.44.105.240 (114-44-105-240.dynamic.hinet.net) 1:0
114.44.106.215 (114-44-106-215.dynamic.hinet.net) 1:0
114.44.107.85 (114-44-107-85.dynamic.hinet.net) 1:0
114.44.107.218 (114-44-107-218.dynamic.hinet.net) 1:0
114.44.107.236 (114-44-107-236.dynamic.hinet.net) 1:0
114.44.108.76 (114-44-108-76.dynamic.hinet.net) 1:0
114.44.108.163 (114-44-108-163.dynamic.hinet.net) 1:0
114.44.108.191 (114-44-108-191.dynamic.hinet.net) 1:0
114.44.109.204 (114-44-109-204.dynamic.hinet.net) 1:0
114.44.111.12 (114-44-111-12.dynamic.hinet.net) 1:0
114.44.111.34 (114-44-111-34.dynamic.hinet.net) 1:0
114.44.111.35 (114-44-111-35.dynamic.hinet.net) 1:0
114.44.111.95 (114-44-111-95.dynamic.hinet.net) 1:0
114.45.196.5 (114-45-196-5.dynamic.hinet.net) 1:0
114.45.196.228 (114-45-196-228.dynamic.hinet.net) 1:0
118.165.253.210 (118-165-253-210.dynamic.hinet.net) 1:0
118.166.204.37 (118-166-204-37.dynamic.hinet.net) 1:0
118.166.204.54 (118-166-204-54.dynamic.hinet.net) 1:0
118.167.96.32 (118-167-96-32.dynamic.hinet.net) 1:0
118.167.96.50 (118-167-96-50.dynamic.hinet.net) 1:0
118.167.96.118 (118-167-96-118.dynamic.hinet.net) 1:0
118.167.96.151 (118-167-96-151.dynamic.hinet.net) 1:0
118.167.97.98 (118-167-97-98.dynamic.hinet.net) 1:0
118.167.98.60 (118-167-98-60.dynamic.hinet.net) 1:0
118.167.98.140 (118-167-98-140.dynamic.hinet.net) 1:0
118.167.99.241 (118-167-99-241.dynamic.hinet.net) 1:0
118.168.38.136 (118-168-38-136.dynamic.hinet.net) 1:0
118.168.38.196 (118-168-38-196.dynamic.hinet.net) 1:0
118.168.39.132 (118-168-39-132.dynamic.hinet.net) 1:0
ssh-tcpwrapper: [ 2:1 ]
60.248.152.55 (60-248-152-55.HINET-IP.hinet.net) 1:0
211.175.198.126 0:1
216.104.37.90 (server.proximaltd.com) 1:0

---------------------- fail2ban-messages End -------------------------

[Fail2ban-users] fail2ban enhancement idea - block subnets when "too many" individual IPs are block

[Fail2ban-users] fail2ban enhancement idea - block subnets when "too many" individual IPs are blocked