From: James H. <jam...@gm...> - 2015-07-24 01:06:27
Currently I'm leaning towards writing some tools which can be used offline to analyse the blacklist. Make suggestions about blocking IP ranges and removing IPs from the blacklist which are contained in the ranges selected to be blocked. I would want to see promoting a few IPs to blocking a range works well before integrating such complexity into sshguard.

On Thu, Jul 23, 2015 at 4:47 PM, Kevin Zheng <kev...@gm...> wrote:

> On 07/24/2015 02:53, @lbutlr wrote:
> > If there were a reliable way to block all of russia and china, that
> > would be great. Heck, other than a few connections from Western
> > Europe and Africa I could safely block the rest of the world.
>
> Here's a list of CIDR blocks by country:
> http://www.ipdeny.com/ipblocks/
>
> You don't need SSHGuard to block these.
>
> > I would like to tune the behavior a bit (for example, attempts to ssh
> > as root should count for like 21 so that two attempts result in a
> > blacklist. (since I do not allow ssh access to the root account).
>
> This idea was thrown around on the mailing list a short while ago, but I
> haven't gotten around to start looking at it, yet. Most of the changes
> probably involve updating the lexer/parser to spit out the username (if
> available), but this is not as trivial as it sounds.
>
> Best,
> Kevin Zheng
>
> --
> Kevin Zheng
> kev...@gm... | ke...@kd... | PGP: 0xC22E1090
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users

--
James Harris
Software Engineer
jam...@gm...
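
A sketch of the offline analysis described in the message above, as an added example that is not part of the original post and is not sshguard code. It assumes the blacklist has already been reduced to a plain list of addresses; the function name, the /24 and /64 bucket sizes and the threshold of three hits are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample blacklist using documentation address ranges, not real data.
SAMPLE_BLACKLIST = [
    "198.51.100.4", "198.51.100.17", "198.51.100.200",
    "198.51.100.4",                      # duplicate entry, counted once
    "203.0.113.9", "203.0.113.77",       # only two hits: stay as single IPs
    "192.0.2.55",
    "2001:db8::1", "2001:db8::2", "2001:db8::3",
]


def suggest_ranges(addresses, v4_prefix=24, v6_prefix=64, min_hits=3):
    """Return (ranges_to_block, remaining_ips) as lists of strings.

    Each address is bucketed into its enclosing network (hypothetical
    defaults: /24 for IPv4, /64 for IPv6). A bucket holding at least
    min_hits distinct addresses is promoted to a range suggestion, and
    its addresses are dropped from the per-IP list because the range
    already covers them.
    """
    buckets = defaultdict(set)
    for raw in addresses:
        ip = ipaddress.ip_address(raw.strip())
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        buckets[net].add(ip)

    promoted = [net for net, ips in buckets.items() if len(ips) >= min_hits]

    # Merge adjacent suggestions (two neighbouring /24s become one /23).
    # collapse_addresses() refuses mixed versions, so handle each separately.
    ranges = []
    for version in (4, 6):
        same = [n for n in promoted if n.version == version]
        ranges.extend(ipaddress.collapse_addresses(same))

    remaining = [ip for net, ips in buckets.items()
                 if len(ips) < min_hits for ip in ips]
    remaining.sort(key=lambda ip: (ip.version, int(ip)))
    return [str(n) for n in ranges], [str(ip) for ip in remaining]


if __name__ == "__main__":
    ranges, singles = suggest_ranges(SAMPLE_BLACKLIST)
    print("suggest blocking:", ranges)
    print("keep as single IPs:", singles)
```

The output is only a suggestion list for review; a promoted range covers addresses that never appeared in the blacklist, which is the behaviour the message proposes to evaluate before building it into sshguard.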