From: James H. <jam...@gm...> - 2018-10-06 01:47:45
I have had a similar idea about offline processing. Instead of banning people that are trying to brute force with default usernames, I was thinking about blocking subnets or whole network providers by determining the AS (autonomous system) associated with the IP. I often see brute force attempts originating from IPs close to each other. The script would take a look at all the IPs and suggest rules to block entire networks. Not only would it be proactive against IPs likely to be used in the future for attacks, but it would also reduce the number of firewall rules, thus taxing the system less.

On Fri, Oct 5, 2018 at 6:30 PM @lbutlr <kr...@kr...> wrote:

> On 05 Oct 2018, at 11:38, @lbutlr <kr...@kr...> wrote:
> > I’m more comfortable writing a bash script to run on occasion and add
> > the IPs to the blacklist myself, but I don’t know how sshguard tracks the
> > permanent list as opposed to the timed list.
>
> I have a cunning plan.<1>
>
> If I use a facility like log rotate to create multiple log lines for the
> connection attempts I want to permaban, will sshguard be fooled into seeing
> one attempt as, say, 16 attempts in the same second?
>
> <1> http://blackadderquotes.com/i-have-a-cunning-plan
>
> --
> All great truths begin as blasphemies.

--
James Harris
Software Engineer
jam...@gm...
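The subnet-aggregation idea from the message above, sketched as an added example that is not part of the original thread or of sshguard: it groups attacker IPv4 addresses by /24, suggests a network block only where enough distinct hosts were seen, and merges adjacent flagged networks to cut the rule count. The AS lookup is left out because it needs external routing data; the function name `suggest_blocks`, the thresholds and the sample addresses are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input (documentation address ranges), standing in for
# the attacker IPs collected from logs or an existing blocklist.
SAMPLE_IPS = [
    "198.51.100.7", "198.51.100.19", "198.51.100.200", "198.51.100.201",
    "198.51.101.5", "198.51.101.77", "198.51.101.130",
    "192.0.2.44", "192.0.2.45",
    "203.0.113.9", "203.0.113.9",  # duplicate log hit, counted once
]


def suggest_blocks(ips, prefix=24, min_hosts=3):
    """Hypothetical helper: return (networks, singles).

    networks: prefixes with at least min_hosts distinct attackers, merged
              where neighbouring prefixes were both flagged.
    singles:  addresses that stay as individual host rules.
    """
    buckets = defaultdict(set)
    singles = []
    for raw in ips:
        addr = ipaddress.ip_address(raw.strip())
        if addr.version == 4:
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            buckets[net].add(addr)
        else:
            # IPv6 is not aggregated here; keep it as a host rule.
            singles.append(ipaddress.ip_network(str(addr)))
    dense = []
    for net, hosts in buckets.items():
        if len(hosts) >= min_hosts:
            dense.append(net)
        else:
            singles.extend(ipaddress.ip_network(str(h)) for h in hosts)
    # collapse_addresses only merges networks that were themselves flagged,
    # so the result never covers a prefix that fell below the threshold.
    networks = list(ipaddress.collapse_addresses(dense))
    singles.sort(key=lambda n: (n.version, int(n.network_address)))
    return networks, singles


if __name__ == "__main__":
    networks, singles = suggest_blocks(SAMPLE_IPS)
    for net in networks + singles:
        print(net)
```

On the sample, ten distinct attacker addresses reduce to four rules; raising `min_hosts` trades fewer network-wide blocks for more host rules, which limits how many unrelated users of the same provider get blocked.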