Shell/Self Defense: Difference between revisions
imported>Burghardt (The page was newly created: "Back to Shell ---- To fight brute force attacks we tried several mechanisms including fail2ban, knockd and rate limiting. All of them worked technically cor…") |
imported>Burghardt |
||
Zeile 2: | Zeile 2: | ||
---- |
---- |
||
− | To fight brute force attacks we tried several mechanisms including fail2ban, knockd and rate limiting. All of them worked technically |
+ | To fight brute force attacks we tried several mechanisms including fail2ban, knockd and rate limiting. All of them worked technically correct. But all of them did ''not'' reduce the attacks to an acceptable low level. One consequence is the introduction of [[#2FA]] as a requirement. |
=== Blacklists === |
=== Blacklists === |
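Review bot: the added sentence links to [[#2FA]], a same-page anchor, but the only heading visible in this revision is === Blacklists ===, so the link has no target here; point it at the page or section that actually describes the 2FA requirement. In the same line, "worked technically correct" should be "worked correctly", and "did ''not'' reduce the attacks to an acceptable low level" reads more cleanly as "none of them reduced the attacks to an acceptably low level".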
Revision as of 3 April 2017, 10:51
Back to Shell
To fight brute force attacks we tried several mechanisms, including fail2ban, knockd and rate limiting. All of them worked correctly from a technical standpoint, but none of them reduced the attacks to an acceptably low level. One consequence is the introduction of #2FA as a requirement.
Blacklists
Finally, as of 8 August 2016, several external(!) lists are involved. These lists are queried twice a day, and a simple "iptables ... -j DROP" rule evaluates the aggregated list. It contains more than 40000 single addresses and 900 networks. The attempts to log in as root dropped from >10000 per day (peaks were >80000) to a few dozen.
- "http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs
- "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes
- "https://www.maxmind.com/en/proxy-detection-sample-list" # MaxMind GeoIP Anonymous Proxies
- "http://danger.rulez.sk/projects/bruteforceblocker/blist.php" # BruteForceBlocker IP List
- "https://www.spamhaus.org/drop/drop.lasso" # Spamhaus Don't Route Or Peer List (DROP)
- "http://cinsscore.com/list/ci-badguys.txt" # C.I. Army Malicious IP List
- "https://www.openbl.org/lists/base.txt" # OpenBL.org 30 day List
- "https://lists.blocklist.de/lists/all.txt" # blocklist.de attackers
- "https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt" # StopForumSpam
- "http://blocklist.greensnow.co/greensnow.txt" # GreenSnow
Please give feedback if you feel this list is too restrictive.
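The aggregation step described above, as an added example that is not this site's own script: it parses feed bodies, rejects entries that a broken or poisoned external list could use to lock the host out, carves out an allowlist, and collapses the rest. The feed bodies, the allowlisted address and the set name `blacklist` are constructed or hypothetical, and the `ipset restore` output is a swapped-in way to load that many entries, assuming the live set and an iptables DROP rule matching it already exist.

```python
import ipaddress

# Constructed sample feed bodies (documentation address ranges, not real feed data).
SAMPLE_FEEDS = [
    "# plain list\n192.0.2.10\n192.0.2.11\n198.51.100.7\nnot-an-ip\n",
    "; DROP-style list\n203.0.113.0/25 ; SBL000000\n203.0.113.128/25 ; SBL000001\n",
    "198.51.100.0/24\n0.0.0.0/0\n10.1.2.3\n",
]
ALLOWLIST = [ipaddress.ip_network("192.0.2.11/32")]  # hypothetical admin address
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_feed(text):
    """Return the IPv4 networks found in one feed body, skipping comments and junk."""
    nets = []
    for line in text.splitlines():
        fields = line.split("#")[0].split(";")[0].split()
        if not fields:
            continue
        try:
            nets.append(ipaddress.IPv4Network(fields[0], strict=False))
        except ValueError:
            continue  # HTML, headers, hostnames: never pass raw text to the firewall
    return nets

def sane(net, min_prefix=8):
    """Reject overly broad or internal entries that would cut the host off."""
    return net.prefixlen >= min_prefix and not any(net.overlaps(r) for r in NEVER_BLOCK)

def carve(nets, allow):
    """Remove allowlisted networks from the block set, splitting larger networks."""
    for a in allow:
        out = []
        for n in nets:
            if a.subnet_of(n):
                out.extend(n.address_exclude(a))  # keep everything except a
            elif not n.subnet_of(a):
                out.append(n)
        nets = out
    return nets

def aggregate(feeds, allow=ALLOWLIST):
    """Parse, filter, allowlist and collapse all feeds into one sorted block list."""
    nets = [n for body in feeds for n in parse_feed(body) if sane(n)]
    return list(ipaddress.collapse_addresses(carve(nets, allow)))

def ipset_restore_lines(nets, name="blacklist"):
    """Build `ipset restore` input: fill a temporary set, then swap it in atomically."""
    tmp = name + "-new"
    return ([f"create {tmp} hash:net family inet"] + [f"add {tmp} {n}" for n in nets]
            + [f"swap {tmp} {name}", f"destroy {tmp}"])

if __name__ == "__main__":
    print("\n".join(ipset_restore_lines(aggregate(SAMPLE_FEEDS))))
```

Without the allowlist, the two adjacent sample addresses collapse into 192.0.2.10/31 and the allowlisted host would be blocked, which is why the carve step runs before the final collapse.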
Back to Shell