Reply to post: Re: Curious

Linode: Back at last after ten days of hell

Peter2 Silver badge

Re: Curious

You might want to look at fail2ban. It'll dynamically firewall off any IPs that make more than a user-definable number of failed login attempts.

My personal experience is that attackers rarely use the same IP more than once. When I get port scanned or spammed my experience is that it's done by thousands of different IP's, all scanning a handful of IP's (sometimes even one to an IP!) and spamming appears to have largely gone the same way.

With antispam, I have honeypots set up for a lot of email addresses and I rarely get more than a couple of emails from a single IP which hugely devalues IP blacklists. On the flipside, this does mean that any given site learns a huge number of IP's from botnet members though, so perhaps somebody needs to come up with a automatic system for looking up and emailing the abuse contacts responsible for the IP's to take advantage of this.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019