On 11 Nov 2019, at 11:30, Conrad Wood <cnw@conradwood.net> wrote:

I read some reports on this list where people get random IPs
scanning/probing ports. I have that same issue of course.
I use a combination of fail2ban and some hooks in my software to build
up a blacklist of IPs over time.
My question is if it's feasible to have a bitfolk-hosted blacklist of
IPs. If we were all to report our probes and scans into a (to-be-built)
bitfolk system, we'd probably protect each other more quickly and
effectively.

You might look at denyhosts, which I believe has a community blacklist at denyhosts.net.  If you don’t want to use denyhosts explicitly, you may be able to synchronise that database content with fail2ban.

It occurs to me, though, that these mechanisms would be an obvious vector for a DoS attack, by maliciously blacklisting harmless IP blocks.  I don’t know what measures (if any) denyhosts has taken to prevent that.

Regards,
Chris

Chris Smith <space.dandy@icloud.com>