[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: fail2ban for NetBSD-based routers & networks
On Mon, Feb 11, 2013 at 9:00 PM, Erik Fair <fair%netbsd.org@localhost> wrote:
> I use NetBSD as a router for my public IP network. It works pretty well, but
> I'm getting really tired of the door-knob turners who keep trying accounts &
> passwords on ssh, IMAP, etc. I would like to shut them out of the network as
> a a whole at my router efficiently.
> I can't do much about UDP attacks on DNS - those may or may not have a valid
> source IP address, so it would be foolish to trust that enough to use it as
> filtering source data. However, any TCP based attack has to be two-way, so
> that's worth banning.
> Does anyone have a fail2ban equivalent for NetBSD that has:
> authentication of the sources of the filtered addresses (by that I mean, any
> one of N authenticated hosts may contribute an address to the filter, but no
> one gets to lie to it - yes, I recognize that this means it must operate
> under one administrative authority),
> aging management of the blacklist, i.e. addresses age out, but if they come
> back, the age-out period goes up either geometrically or exponentially, and
> the blacklist is persistent across router reboots, e.g. a database in /var/db
> exists which an rc script will load into the operational blacklist at boot.
> Clearly, such a daemon/service has to use one of the filtering mechanisms
> available in NetBSD, e.g. ipf, pf; it would be helpful to know which of those
> have been exercised enough to be trusted with a potentially high rate of
> table/filter change without crashing the kernel.
> Erik <fair%netbsd.org@localhost>
fail2ban is in wip
I started working on a fork many weekends ago but didn't get very far
due to the path assumptions made in the software.
Main Index |
Thread Index |