[nos-bbs] jnos blacklist feature (was Re: Jnos memory leak with forwarding)
g.ponza at tin.it
Thu Oct 19 16:53:22 EDT 2017
On 10/19/2017 08:06 PM, Maiko Langelaar wrote:
> I saw the part about login attemps and fail2ban, so here goes :
> > But if it's login attempts, then a useful tool is fail2ban.
> I wrote an experimental feature that blacklists bad logins. It might
> require 'refinements' to what people consider a bad login, but here
> are the autoexec.nos entries that I use on my production system :
> # run tcp watch for stale TCB entries (syn attacks) - every 5 min
> tcp watch 300
> # blacklist feature requires 'tcp access', at minimum you
> # must have this entry FIRST in the tcp access entries.
> tcp access permit all
> # blacklist bad logins for 15 minutes (900 seconds)
> mbox blacklist 900
> Look at the release notes on my webpage, and search for the
> word 'blacklist' it's all there. You should also note the additional
> 'tcp access expiry' feature to keep blacklist sizes 'in control'.
I used some TCP commands but not the full set of those above.
Look at the Max values inbound and outbound registered today
on the 'tun0' interface :)
Description: SICD TCP/IP router and Hamradio server
ifType: Linux Tunnel interface
Max Speed: 1.0 MBytes/s
Ip: 22.214.171.124 (i0ojj.ampr.org)
The statistics were last updated Thursday, 19 October 2017 at 22:40,
at which time 'i0ojj.ampr.org' had been up for 0:00:00.
`Daily' Graph (5 Minute Average)
Max Average Current
In 66.1 kb/s (0.8%) 952.0 b/s (0.0%) 816.0 b/s (0.0%)
Out 17.2 kb/s (0.2%) 912.0 b/s (0.0%) 280.0 b/s (0.0%)
73 and ciao, gus i0ojj/ir0aab
A proud member of linux team
Quidquid latine dictum sit, altum videtur
More information about the nos-bbs