You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The ability to "scan" for subnets instead of hosts.
If multiple hosts within a /24 tries to brute force, give that /24 a ban.
it may give a lot of false positives, but a option to chose would be perfect.
Just like the option we have now to ban a /24 "IPv4 subnet size to apply ban on (8-32):"
Just another ability to choose "IPv4 subnet size to scan Max. attempts on (8-32):
Motivation
A botnet brute force attack on my mailcow has been bugging me, and blocking port 465 is not ideal.
(even though blocking the most active countries with geoip on firewall.)
Fail2ban won't ban the adresses, because it's never the same address... But 80% of the time it's neighboring addresses with same subnet, fail2ban just can't see that with mailcow.
I know it is possible to "scan" for subnet.
Additional context
No response
The text was updated successfully, but these errors were encountered:
Summary
The ability to "scan" for subnets instead of hosts.
If multiple hosts within a /24 tries to brute force, give that /24 a ban.
it may give a lot of false positives, but a option to chose would be perfect.
Just like the option we have now to ban a /24 "IPv4 subnet size to apply ban on (8-32):"
Just another ability to choose "IPv4 subnet size to scan Max. attempts on (8-32):
Motivation
A botnet brute force attack on my mailcow has been bugging me, and blocking port 465 is not ideal.
(even though blocking the most active countries with geoip on firewall.)
Fail2ban won't ban the adresses, because it's never the same address... But 80% of the time it's neighboring addresses with same subnet, fail2ban just can't see that with mailcow.
I know it is possible to "scan" for subnet.
Additional context
No response
The text was updated successfully, but these errors were encountered: