On 11 Nov 2019, at 11:30, Conrad Wood <cnw(a)conradwood.net> wrote:
I read some reports on this list where people get random IPs
scanning/probing ports. I have that same issue of course.
I use a combination of fail2ban and some hooks in my software to build
up a blacklist of IPs over time.
My question is if it's feasible to have a bitfolk-hosted blacklist of
IPs. If we were all to report our probes and scans into a (to-be-built)
bitfolk system, we'd probably protect each other more quickly and
effectively.

You might look at denyhosts, which I believe has a community blacklist
at denyhosts.net. If you don’t want to use denyhosts explicitly, you may
be able to synchronise that database content with fail2ban.

It occurs to me though that these mechanisms would be an obvious
vector for a DOS attack, by maliciously blacklisting harmless IP
blocks. I don’t know what measures (if any) denyhosts has taken to
prevent that.

I should have mentioned that I do use some community lists too. The
main point though I was attempting to convey was that I would consider
it beneficial if the blocking was done on a router upstream from the
VPS rather than on the VPS itself.

Conrad