Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
nickdothutton
on Sept 25, 2021
|
parent
|
context
|
favorite
| on:
AS13335 doing SSH scanning
Just use something like fail2ban to drop these at the packet filter level, either courtesy of your cloud provider or on the host itself. Make sure your sshd config is watertight.
loeg
on Sept 25, 2021
|
next
[–]
You know, or just don’t use fail2ban:
https://research.securitum.com/fail2ban-remote-code-executio...
. It’s adding extra attack surface for a cosmetic benefit.
tempodox
on Sept 25, 2021
|
parent
|
next
[–]
Good catch, thanks!
Remedy: Don't let fail2ban send mail, or at least remove the whois part.
nousermane
on Sept 25, 2021
|
prev
|
next
[–]
Are there reputable places where people can share the IPs tripping fail2ban? Like spamhaus.org, but for scanners?
cpach
on Sept 26, 2021
|
parent
|
next
[–]
Honest question: Why bother?
megous
on Sept 25, 2021
|
prev
[–]
nftables allows to automatize blocking of IP addresses (even with a automatic timeout) without any userspace involvement.
Pretty nifty feature.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: