[CentOS] Blocking attacks from a range of IP addresses

Thu Jan 9 01:44:35 UTC 2020
Keith Christian <keith1christian at gmail.com>

On Wed, Jan 8, 2020 at 5:37 PM H <agents at meddatainc.com> wrote:

> I am being attacked by an entire subnet where the first two parts of the
> IP address remain identical but the last two parts vary sufficiently that
> it is not caught by fail2ban since the attempts do not meet the cut-off of
> a certain number of attempts within the given time.
>
> Has anyone created a fail2ban filter for this type of attack? As of right
> now, I have manually banned a range of IP addresses but would like to
> automate it for the future.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

Tough one.

Not the solution you’re looking for, but until you have a solution, block
the whole range in iptables.