Subj : FidoGazette Vol 10 no 40
To   : Daryl Stout
From : Mike Miller
Date : Fri Jul 27 2018 01:25:02

   Hello Daryl!

09 Oct 16 12:46, you wrote to me:

 MM@>>    Hello Daryl!

 DS> Hi, Mike...

 MM@>> I set up a script that blacklists any IP that connects to a port
 MM@>> more than 5 times in a couple minutes.  iptables blocks the
 MM@>> address for a few hours.  If it continues trying after 3
 MM@>> temporary blocks, the IP is permanently blocked.

 MM@>> basically, it is a modified version of CSF (ConfigServer
 MM@>> Firewall) which is a perl wrapper and login failure daemon for
 MM@>> web-hosting providers.

 DS>   Good deal.

 DS>   Too bad Sysops have to implement such measures.

  It's pretty common for any internet-connected machine to use something like 
this.  SSH ports get hammered by bots looking to brute-force their way into a 
system and have for the last 10+ years.

I have some machines set up as "honeypots" where, if something like this hits 
them, the entire cluster blocks that IP address. I've definitely seen an uptick 
in connections to port 23 lately though. I have no idea why IOT devices insist 
on using telnet, as implementing ssh is simple.



Mike


.... Victory find a hundred fathers, but defeat is an orphan.
--- GoldED+/LNX 1.1.5-b20160322
 * Origin: War Ensemble - warensemble.com - Appleton, WI (1:154/30)

.