Dear Wes,

Thank you for your input. Indeed, I checked before this post that "-Dusm" can capture some Unknown user, bad Auth/Priv password. Such logs can then be filtered in fail2ban.

It also makes sense what you say regarding setting up a firewall.

In case someone is wondering about the fail2ban filters and jail, feel free to check out the fail2ban issue 3767 (https://github.com/fail2ban/fail2ban/issues/3767).

Cheers

On Fri, Jun 21, 2024 at 4:41 PM Wes Hardaker <harda...@users.sourceforge.net> wrote:

> Prankur Chauhan <prankur.chauha...@gmail.com> writes:
>
> > Is it possible to identify a malicious IP who is trying multiple times
> > authentication requests with wrong credentials and increase the
> > response time for each subsequent auth request, consequently also lock
> > him/her out for some duration?
> >
> > Do you guys know if snmpd can be configured to work with tools such as
> > fail2ban?
>
> A few things:
>
> 1. With the right debugging flags turned on (try -Dusm) you might be
>    able to watch for failures and create a fail2ban hook to provide
>    fail2ban with new jail entries.
>
> 2. But more importantly, you should never ever have an snmp agent (of any
>    kind) connected to the internet without a firewall in front of it that
>    restricts access to only trusted IP addresses. This generally is true
>    for any SNMP or other management control protocol -- they should be
>    accessible only from internal networks.
>
> --
> Wes Hardaker
> Please mail all replies to net-snmp-coders@lists.sourceforge.net

--
Cheers
Prankur
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
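The approach discussed in this thread (watch the agent's log for USM failures, then lock out the source for a growing duration) can be sketched as follows. This is an added example, not code from the thread, net-snmp or fail2ban: the log line shape, `FAIL_RE` and `plan_bans` are assumptions, and the sample lines are constructed rather than real `snmpd -Dusm` output; `maxretry`, `findtime` and `bantime` are named after the fail2ban jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed line shape (constructed, NOT real snmpd output): adapt this regex
# to what your own snmpd -Dusm log lines actually look like.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) snmpd\[\d+\]: .*?(?:unknown user|bad auth|bad priv)"
    r".*? from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b", re.IGNORECASE)

def plan_bans(lines, maxretry=3, findtime=60, bantime=600, factor=2):
    """Return [(ip, ban_start, ban_seconds)]; every repeat ban lasts longer."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    ban_count = defaultdict(int)  # ip -> number of bans issued so far
    banned_until = {}             # ip -> epoch second at which the ban ends
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not an authentication failure line
        ip = m["ip"]
        now = datetime.fromisoformat(m["ts"]).timestamp()
        if banned_until.get(ip, 0) > now:
            continue              # still banned; the firewall would drop this
        window = recent[ip]
        window.append(now)
        while now - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            seconds = bantime * factor ** ban_count[ip]
            ban_count[ip] += 1
            banned_until[ip] = now + seconds
            bans.append((ip, m["ts"], seconds))
            window.clear()
    return bans

# Constructed sample log (documentation address ranges).
SAMPLE = [
    "2024-06-21T16:41:00 snmpd[812]: usm: unknown user from 203.0.113.7",
    "2024-06-21T16:41:05 snmpd[812]: usm: bad auth password from 203.0.113.7",
    "2024-06-21T16:41:09 snmpd[812]: usm: bad priv password from 203.0.113.7",
    "2024-06-21T16:41:30 snmpd[812]: usm: unknown user from 203.0.113.7",
    "2024-06-21T16:45:00 snmpd[812]: usm: bad auth password from 198.51.100.4",
    "2024-06-21T16:50:00 snmpd[812]: usm: bad auth password from 198.51.100.4",
    "2024-06-21T17:00:00 snmpd[812]: usm: unknown user from 203.0.113.7",
    "2024-06-21T17:00:10 snmpd[812]: usm: bad auth password from 203.0.113.7",
    "2024-06-21T17:00:20 snmpd[812]: usm: bad auth password from 203.0.113.7",
]
```

On the sample, `plan_bans(SAMPLE)` bans 203.0.113.7 for 600 seconds and then, after it returns once the first ban has expired, for 1200 seconds, while the two widely spaced failures from 198.51.100.4 never trigger a ban.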