[CentOS] [OT] odd network question

Mon Aug 5 08:31:56 UTC 2019
Giles Coochey <giles at coochey.net>

On 05/08/2019 09:18, Pete Biggs wrote:
>> I've found the default 10min bans hardly bother some attackers.
>> So I've added the "recidive" feature of fail2ban.  After the
>> second 10min ban, the attacker is blocked for 1 week.
>>
> Oh definitely. My systems are set to "3 bans and you're out" - a
> recidive ban is permanent after three other bans.  I have large parts
> of some subnets in my ban list as attackers just move from one host to
> another as they get banned.
>
> P.
>
I worked for a company some time back that had an association with a 
South African company who wanted to host some infrastructure in our data 
centre, the network admin there wanted a specific configuration for 
outbound source NAT from a certain host that would scroll through a list 
of source NAT IP addresses (think a whole /24) for every connection 
attempt, pretty sure it was for sending unsolicited emails, in any case 
the association with that company didn't last and I took redundancy 
after less than a year there.