Shell/Self Defense

Aus Doc-Wiki
Version vom 19. April 2017, 07:11 Uhr von imported>Burghardt (→‎Blacklists)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen

Back to Shell


To fight brute force attacks we tried several mechanisms including fail2ban, knockd and rate limiting. All of them worked technically correct. But all of them did not reduce the attacks to an acceptable low level. One consequence is the introduction of #2FA as a requirement.

Blacklists

Finally — as of 08.August 2016 — there are several external(!) lists involved. These lists are queried twice a day and a simple "iptables ... -j DROP" evaluates an aggregated list. It contains more than 40000 single addresses and 900 networks. The number of entries is highly dynamic. Peaks got over a 110000 entries...

The attempts to login as root dropped from >10000 (peaks were >80000) per day to a few dozen.

Please give feedback if you feel this list to be too restrictive.



Back to Shell