On 21 Oct 2024, at 20:37, Peter N. M. Hansteen <pe...@bsdly.net> wrote:

>> which begs the question, what do you do to the ones that get thrown into
>> the table?

So, I have a multi-layer strategy:

1. at the edge router all attempts at hitting well-known ports on the network and b/cast get added to the PF blocklist on the spot,
2. the edge router collects and collates the blocklists from my internal hosts and adds them, this is currently a pull but is about to become a push, and protects the whole network in one go,
3. the individual hosts have scripts to find SSH, Dovecot, Sendmail and Postfix brute-forcers, submitting to the edge router and their own PF blocklist as an extra measure,
4. a honeypot adds the rest but also allows me to play.

I have explicit bypasses for certain services I run which I want to be open to everyone no matter the IP (but not SSH, IMAP, etc.)

There is also an unrelated OpenBSD httpd config which “block drop”s any and all invalid URLs so I don’t worry about the logs being DoS’d.

That’s all folks,

Arrigo

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
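As an added illustration (not Arrigo's ruleset, and not from the mailop thread), this is how the layers described above can be expressed in a pf.conf on the edge router: the collated table, the bypass rules that must sit before the blocklist check, the logged probe rule a script feeds from, and the SSH overload. The interface name, port numbers, table names and blocklist file path are assumptions.

```pf
# Constructed pf.conf fragment for the edge router. Interface, ports, table
# names and the blocklist file path are assumptions, not the poster's config.
ext_if = "em0"

# <blocklist> is collated from the internal hosts' lists (layer 2) and kept
# in a file so it survives a reboot; <bruteforce> is filled by pf itself.
table <blocklist>  persist file "/etc/pf/blocklist"
table <bruteforce> persist

set skip on lo

# Bypasses: services open to everyone, evaluated before any blocklist check.
# 'quick' stops rule evaluation here, so a listed IP still reaches these ports.
pass in quick on $ext_if inet proto tcp to ($ext_if) port { 25 80 443 } keep state

# Everything else from a listed source is dropped before further evaluation.
block drop in quick on $ext_if from { <blocklist> <bruteforce> }

# Layer 1: probes at well-known ports we do not serve are logged; a script
# (assumed) watching pflog0 adds the source with
#   pfctl -t blocklist -T add <address>
block drop in log quick on $ext_if proto { tcp udp } to any port { 23 135 139 445 1433 3389 }

# Layer 3 for the router's own SSH: more than 5 new connections in 30 seconds
# from one source puts it in <bruteforce> and flushes its existing states.
pass in on $ext_if proto tcp to ($ext_if) port ssh keep state \
    (max-src-conn-rate 5/30, overload <bruteforce> flush global)

# Default deny for anything not matched above.
block drop in log on $ext_if
```

Internal hosts can push their lists into the router's table with `pfctl -t blocklist -T add -f /path/to/list`, and `pfctl -t blocklist -T show` confirms what is currently loaded.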