NetBSD-Users archive


Blocking offending IPs : How many are too many to handle for npf?



Just tinkering with blacklistd settings.

Trying to arrive at a good duration for blocking.

I find that for 6 hours of blocking, the blocked IPs settle around 90 to 100.

Most of them just recur after the block duration is over; typically they might
be bots.

Increasing the block duration would increase the count of blocked IPs.
Would that start affecting any aspects of performance of my system or
is there any limit beyond which npf won't accept them?

i.e. what are absolute limits and what are advisable counts of
simultaneously blocked IPs?

Further, are there any ways to figure out ranges of IPs to block? I need
ssh access from only a handful of devices, but not all have static IPs. I
think geography may provide a clue, but I'm not sure what's the best way to
utilize such a clue.

Mayuresh

