[nos-bbs] fail2ban and denial of service

Maiko Langelaar maiko at pcs.mb.ca
Mon Feb 9 18:17:49 EST 2015


Arrggggggg, this was supposed to go to the list ...

---------- Forwarded message ----------
Date: Mon, 9 Feb 2015 17:17:09 -0600 (CST)
From: Maiko Langelaar <maiko at pcs.mb.ca>
To: Michael E Fox - N6MEF <n6mef at mefox.org>
Subject: Re: [nos-bbs] fail2ban and denial of service


I have an experimental 'blacklist' for telnet based on some
new tcp access mods I did a few weeks ago. It will blacklist
any invalid logins (like root, sh, and so on) using the tcp
access functionality. It does it immediately. I doubt the
ip addresses blacklisted are the same ones providing good
callsigns.

I was hoping this could wait, but I guess if you want me
to release it for fun, I could do that ...

> If I configure fail2ban to block an IP address because of, say, a "bad
> login" entry in nos.log, then that will also block legitimate telnet
> forwarding from that host.

Chances of legitimate logins to JNOS from the same IP that tried 'root' and 
'sh' (so far anyways) are next to none that I've seen
(so far that is).

M
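
Added example, not part of the original message and not JNOS code: a sketch contrasting the two rules discussed above, banning on any "bad login" count versus banning immediately on bait login names such as 'root' and 'sh'. The log layout, the addresses, the callsign and the function names are constructed for illustration and do not reflect the real nos.log format or the tcp access mods.

```python
import ipaddress
import re

# Bait login names: the two the message names. Real callsigns never look like these.
BAIT_LOGINS = {"root", "sh"}

# Constructed sample in a simplified layout (NOT the real nos.log format).
SAMPLE_LOG = """\
198.51.100.7 login=root result=bad
192.0.2.10 login=n0call result=bad
192.0.2.10 login=n0call result=ok
garbage line that should be skipped
198.51.100.7 login=sh result=bad
203.0.113.5 login=ROOT result=bad
192.0.2.10 login=n0call result=bad
"""

LINE_RE = re.compile(r"^(\S+) login=(\S+) result=(ok|bad)$")


def parse(text):
    """Return (ip, login, result) tuples, skipping malformed lines and bad addresses."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue
        events.append((ip, m.group(2).lower(), m.group(3)))
    return events


def bait_blacklist(events):
    """Ban on the first bait login name, whatever the result."""
    return {ip for ip, login, _ in events if login in BAIT_LOGINS}


def bad_login_bans(events, threshold=2):
    """Generic rule: ban any address with `threshold` or more failed logins."""
    counts = {}
    for ip, _, result in events:
        if result == "bad":
            counts[ip] = counts.get(ip, 0) + 1
    return {ip for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("bait rule bans:   ", sorted(bait_blacklist(ev)))
    print("generic rule bans:", sorted(bad_login_bans(ev)))
```

In the constructed sample the forwarding host 192.0.2.10 mistypes a password twice: the generic rule bans it, the bait rule does not.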



