From: Kevin Z. <kev...@gm...> - 2015-03-26 01:47:56
On 03/25/2015 19:55, James Harris wrote:
> Since moving to a systemd-based init, exiting no longer feels like a huge
> problem. It can handle restarting if required, but it also can handle
> exit codes which allow failures to escalate until resolved. Spamming
> the log with a message every few minutes that something is holding the
> firewall lock doesn't feel like such a bad thing, especially as new brute
> force attempts aren't being dealt with.

For now at least, I think spamming syslog is the better option.

> On a separate thought: has anyone thought about being proactive with
> blocking? I have noticed attacks can come from IPs in the same class C
> address blocks in a small period of time. I was thinking of something
> like: if X attacks come from an address block (or autonomous system?) in
> a configured window, add a temporary rule against that IP block.

It might be a little more complex than that. These days addresses are
allocated from arbitrary-size subnets rather than A, B, and C blocks.

> One downside is blocked attacks won't generate a blacklist entry. If
> temporary rules were used, I would want the option to log the number of
> hits to the rule at the point it was expired.

If it's a small enough subnet, perhaps it's better to extend the amount
of time required to trigger a block. In a class C, it's probably true
that some addresses will repeat.

Thanks,
Kevin Zheng

-- 
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
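The subnet-aggregated blocking that James proposes and Kevin refines (a configured window, a per-block threshold, a longer time-to-trigger so repeated hosts in one block don't count on their own, and a hit count reported when the temporary rule expires) can be sketched as a small sliding-window aggregator. The code below is an added illustration, not code from this thread or from the project under discussion. It assumes the log scanner has already parsed offending addresses into (timestamp, ip) pairs, that aggregation uses one fixed prefix length (the thread notes real allocations vary; a per-prefix lookup would replace `prefix_len`), and that rule hit counts are fed in from the firewall's own counters, since blocked packets never reach the log. All thresholds and sample addresses are constructed.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample: (unix timestamp, offending address) as a log scanner
# would hand them over after parsing failed-login lines. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, not real attackers.
SAMPLE_ATTACKS = [
    (1000, "203.0.113.5"),
    (1010, "203.0.113.9"),
    (1020, "203.0.113.5"),
    (1030, "203.0.113.77"),
    (1040, "203.0.113.9"),
    (1050, "203.0.113.140"),
    (1060, "198.51.100.20"),   # unrelated network: must not be blocked
    (1070, "203.0.113.5"),
]


class SubnetBlocker:
    """Count attacks per subnet inside a sliding window and hand out temporary
    block rules; expired rules report how many hits they absorbed."""

    def __init__(self, prefix_len=24, threshold=6, window=300,
                 min_distinct=3, min_span=60, block_time=3600):
        self.prefix_len = prefix_len      # aggregation granularity (assumed fixed)
        self.threshold = threshold        # attacks inside the window before blocking
        self.window = window              # seconds of history kept per subnet
        self.min_distinct = min_distinct  # distinct hosts required; repeats alone don't count
        self.min_span = min_span          # "extend the time required": first and last
                                          # attack must be at least this far apart
        self.block_time = block_time      # lifetime of a temporary rule, seconds
        self.events = defaultdict(deque)  # subnet -> deque of (ts, ip)
        self.blocked = {}                 # subnet -> {"expires": ts, "hits": n}

    def subnet_of(self, ip):
        return ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)

    def record_attack(self, ts, ip):
        """Return the subnet to block if this attack crosses the threshold, else None."""
        net = self.subnet_of(ip)
        if net in self.blocked:
            return None                   # already covered by a temporary rule
        dq = self.events[net]
        dq.append((ts, ip))
        while dq and dq[0][0] < ts - self.window:   # drop events outside the window
            dq.popleft()
        distinct = {addr for _, addr in dq}
        span = dq[-1][0] - dq[0][0]
        if (len(dq) >= self.threshold and len(distinct) >= self.min_distinct
                and span >= self.min_span):
            self.blocked[net] = {"expires": ts + self.block_time, "hits": 0}
            dq.clear()
            return net
        return None

    def record_rule_hit(self, ip, count=1):
        """Attribute firewall-counter hits to the temporary rule covering ip.
        Returns False if no rule covers it (the hit belongs in the log path)."""
        net = self.subnet_of(ip)
        if net not in self.blocked:
            return False
        self.blocked[net]["hits"] += count
        return True

    def expire(self, now):
        """Drop rules past their lifetime; return [(subnet, hits)] for the syslog line."""
        gone = [(net, info["hits"]) for net, info in self.blocked.items()
                if info["expires"] <= now]
        for net, _ in gone:
            del self.blocked[net]
        return gone


def run_sample(attacks=SAMPLE_ATTACKS):
    """Feed the constructed events through a blocker; return (blocks, blocker)."""
    blocker = SubnetBlocker()
    blocks = []
    for ts, ip in attacks:
        net = blocker.record_attack(ts, ip)
        if net is not None:
            blocks.append((ts, str(net)))
    return blocks, blocker


if __name__ == "__main__":
    blocks, blocker = run_sample()
    print("blocks issued:", blocks)
    blocker.record_rule_hit("203.0.113.9", 3)
    print("expired rules:", [(str(n), h) for n, h in blocker.expire(5000)])
```

With the sample data the sixth attack at t=1050 already meets the count and distinct-host thresholds but not `min_span`, so the /24 is only blocked on the attack at t=1070; the unrelated 198.51.100.0/24 host never accumulates enough events. Raising `min_span` for narrower prefixes is the knob that implements "extend the amount of time required to trigger a block".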