On 02/12/2015 12:02 PM, Jens Viisauksena wrote: > Hello > > I actually have a attack on my server where i have a iptable list of > some hundred ips from korea and china to a tor -exit Node. > > i wonder if there is some nice way around of blocking whole address > spaces like /24 or more restrictly /16 if there is a certain amount of > succesfully blocked IPs. > So , i suggest -- after 10 blocked ips to block whole /24 .. after 50 > blocked ips to block whole /16. > I wonder if i can use the fail2ban.log iitself for this ...
The issue revolves around how IP addresses are allocated and what correlation you presume there is between one address that is a bad actor and all other addresses in the same /16 netblock. Unfortunately there is no correlation, at least if the other IP is not a member of the same netblock or orginization (ISP, generally) - even that is not finite. The other IPs could be allocated to ISPs in dozens of other countries. Blocking a netblock after X members get banned might be an approach, but you can't use 'hardcoded' /24 or /16 subnets for that. This was most recently brought up in Issue https://github.com/fail2ban/fail2ban/issues/953 > > Any hints or Methods welcome > Jens > > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming. The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
