[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to push back against repeated login attempts?

On 2021-03-02 22:35, Noah Meyerhans wrote:
2. In addition to fail2ban you can download a blocklist, and use that as
   well. I found this public blocklist with a script on how to
   automatically block the IPs on the list.


+1 to using blocklists.  I have been using firehol blocklists in a few
places for some time and been quite happy. https://github.com/firehol
They aggregate IP lists from a number of different sources and make them
available in a standard format for easy consumption.  You can pick and
choose exactly which blocklists to deploy based on whatever criteria you
come up with.

You can choose to use firehol itself as your firewall framework, or not.
I built a custom system that manages my firewall, so I can't speak to
how well it works.  If you do deploy a blocklist, make sure you are
keeping its content up-to-date so you don't end up miscategorizing
incoming traffic.  Some of the blocklists are pretty stable and don't
change much, but others change hourly.

Thanks for the tip on FireHOL, and all their block lists. I was using just the blocklist.de list and updating it nightly. It looks like I should be able to get better coverage by using more block lists.

You say that you chose not to use FireHOL itself, but instead chose to roll your own. Could I ask why? are there problems or downsides to FireHOL?


David Pottage

Reply to: