[Charlug] IP Ranges to block
Jason Edgecombe
jason at rampaginggeek.com
Mon Jan 26 20:50:46 EST 2009
Oleg Kio wrote:
> I remember reading about an app or a script that would dynamically modify
> iptables rules based on certain criteria. For example, if someone has X
> number of unsuccessful attempts to connect to FTP within a given timeframe
> it would add that IP to iptables drop list either temporarily or
> permanently.
>
> Has anyone used that? Does it work well?
>
> Oleg
>
I use fail2ban ( http://www.fail2ban.org/ ) for ssh traffic. It works well.
It blocks for 5 minutes, which is usually enough. Any fixed list will
quickly go out of date.
Unfortunately, the botnets have started to get around these defenses by
only probing once per zombie machine.
Jason
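Added example, not part of the original message and not fail2ban's own code: a per-IP failure threshold of the kind described above, run next to a per-account count of distinct source addresses, which still sees a botnet that probes once per machine. The log lines are constructed, `maxretry` and `findtime` are named after fail2ban's options, and `min_sources` and all function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
Jan 26 20:00:01 host sshd[101]: Failed password for root from 192.0.2.10 port 4000 ssh2
Jan 26 20:00:05 host sshd[102]: Failed password for root from 192.0.2.10 port 4001 ssh2
Jan 26 20:00:09 host sshd[103]: Failed password for root from 192.0.2.10 port 4002 ssh2
Jan 26 20:01:00 host sshd[104]: Failed password for invalid user admin from 198.51.100.1 port 5000 ssh2
Jan 26 20:02:00 host sshd[105]: Failed password for invalid user admin from 198.51.100.2 port 5000 ssh2
Jan 26 20:03:00 host sshd[106]: Failed password for invalid user admin from 198.51.100.3 port 5000 ssh2
Jan 26 20:04:00 host sshd[107]: Failed password for invalid user admin from 198.51.100.4 port 5000 ssh2
Jan 26 20:05:00 host sshd[108]: Failed password for invalid user admin from 198.51.100.5 port 5000 ssh2
"""
WINDOW = timedelta(minutes=10)
LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?(\S+) from (\S+)")

def parse_failures(log, year=2009):
    """Return sorted (time, user, ip) tuples; syslog omits the year, so it is assumed."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return sorted(events)

def per_ip_offenders(events, maxretry=3, findtime=WINDOW):
    """Per-IP rule: addresses with >= maxretry failures inside one findtime window."""
    times, offenders = defaultdict(list), set()
    for ts, _user, ip in events:
        times[ip] = [t for t in times[ip] if ts - t <= findtime] + [ts]
        if len(times[ip]) >= maxretry:
            offenders.add(ip)
    return offenders

def distributed_targets(events, min_sources=4, findtime=WINDOW):
    """Accounts failing from >= min_sources distinct IPs in one window (hypothetical rule)."""
    seen, flagged = defaultdict(list), {}
    for ts, user, ip in events:
        seen[user] = [(t, i) for t, i in seen[user] if ts - t <= findtime] + [(ts, ip)]
        sources = {i for _t, i in seen[user]}
        if len(sources) >= min_sources:
            flagged[user] = max(flagged.get(user, 0), len(sources))
    return flagged

if __name__ == "__main__":
    ev = parse_failures(SAMPLE_LOG)
    print(per_ip_offenders(ev), distributed_targets(ev))
```

On the sample, the per-IP rule flags only 192.0.2.10, while the five single-attempt sources show up only in the per-account view.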