Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Netfilter / Fail2Ban network range failed attempt #6051

Open
mrpedersen38 opened this issue Aug 27, 2024 · 0 comments
Open

Netfilter / Fail2Ban network range failed attempt #6051

mrpedersen38 opened this issue Aug 27, 2024 · 0 comments
Labels
enhancement

Comments

@mrpedersen38
Copy link

Summary

The ability to "scan" for subnets instead of hosts.
If multiple hosts within a /24 tries to brute force, give that /24 a ban.

it may give a lot of false positives, but a option to chose would be perfect.
Just like the option we have now to ban a /24 "IPv4 subnet size to apply ban on (8-32):"

Just another ability to choose "IPv4 subnet size to scan Max. attempts on (8-32):

Motivation

A botnet brute force attack on my mailcow has been bugging me, and blocking port 465 is not ideal.
(even though blocking the most active countries with geoip on firewall.)
Fail2ban won't ban the adresses, because it's never the same address... But 80% of the time it's neighboring addresses with same subnet, fail2ban just can't see that with mailcow.
I know it is possible to "scan" for subnet.

Additional context

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mrpedersen38