Re: How to push back against repeated login attempts?

[Noah Meyerhans <noahm@debian.org>]

>    2. In addition to fail2ban you can download a blocklist, and use that as
>    well. I found this public blocklist with a script on how to
>    automatically block the IPs on the list.
> 
>    [2]https://gist.github.com/klepsydra/ecf975984b32b1c8291a

+1 to using blocklists.  I have been using firehol blocklists in a few
places for some time and been quite happy. https://github.com/firehol
They aggregate IP lists from a number of different sources and make them
available in a standard format for easy consumption.  You can pick and
choose exactly which blocklists to deploy based on whatever criteria you
come up with.

You can choose to use firehol itself as your firewall framework, or not.
I built a custom system that manages my firewall, so I can't speak to
how well it works.  If you do deploy a blocklist, make sure you are
keeping its content up-to-date so you don't end up miscategorizing
incoming traffic.  Some of the blocklists are pretty stable and don't
change much, but others change hourly.

noah