Subj : Re: Banned
To   : Mike Powell
From : Digimaus
Date : Tue Apr 30 2024 19:58:30

-=> Mike Powell wrote to DIGIMAUS <=-

 MP> I think I have had a few Microsoft IPAs wind up in the banned file over
 MP> the years.  I also get a chuckle out of it.  ;)

With this "recidive-subnet" filter for fail2ban and using the built-in
"pam-generic" filter, that combo works well.  I have pfSense up and running
now as my former router couldn't handle my 600/600 fiber connection.  So
after tossing together an old HP EliteDesk 705 (3.4 gHz i5, 8GB RAM) with
two Intel PRO/1000 PCIe NICs, I've had some good success.

From a speedtest.net test I just ran: https://tinyurl.com/zd8w8w43

I'm getting 608 mbps down and 605 mbps up (rounded) so I am definitely not
complaining!

Anyhow, back to the filter...lately it's been a bunch of subnets belonging
to Tencent in Singapore.  Those Chinese script kiddies and CCP members are
everywhere! XD

What's funny is that I have port 22 wide open and interestingly enough, the
rest of my filters are empty:

{'recidive-subnet': ['163.47.39.0', '129.226.147.0', '43.134.118.0',
'154.16.56.0', '192.144.65.0', '43.163.237.0', '124.156.223.0',
'43.130.42.0', '43.163.214.0', '43.134.111.0', '20.197.49.0']}

Almost all of the above are from Chinese ISPs.

The ban time for that filter is 26 weeks.  Sucks to be them.

-- Sean

.... That must be wonderful!  I don't understand it at all.
--- MultiMail/Linux v0.52
 * Origin: Outpost BBS * Johnson City, TN (618:618/1)

.