Hacker News

BLKNSLVR yesterday at 11:19 PM (5 replies)

I have my own system of IP reputation whereby if an IP address hits one of my systems with some probe or scan that I didn't ask for, then it's blocked for 12 months.

https://github.com/UninvitedActivity/UninvitedActivity

P.S. just to add a note here that I have been blocked out of my own systems occasionally from mobile / remote IPs due to my paranoia-level setup. But I treat that as learning / refinement, but also can accept that as the cost of security sometimes.


Replies

Latty yesterday at 11:35 PM

My first thought is that with CGNAT ever more present, this kind of approach seems like it'll have a lot of collateral damage.

ronsor today at 1:23 AM

> can accept that as the cost of security sometimes

And corporate IT wonders why employees are always circumventing "security policies"...

kevin_thibedeau yesterday at 11:41 PM

I perma-ban any /16 that hits fail2ban 100+ times. That cuts down dramatically on the attacks from the usual suspects.

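The /16 aggregation described in kevin_thibedeau's comment could be sketched as follows. This is an added example, not code from the thread or from any commenter; it assumes "hits" means `Ban` lines in the standard fail2ban.log, and the function names, the allowlist parameter and the sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches fail2ban.log action lines such as:
#   2024-05-01 12:00:00,000 fail2ban.actions [1234]: NOTICE [sshd] Ban 203.0.113.5
# "Unban" and "Restore Ban" lines do not match, so a restart is not double counted.
BAN_RE = re.compile(r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[[^\]]+\]\s+Ban\s+(\S+)")


def slash16_hits(lines):
    """Count Ban events per IPv4 /16."""
    hits = Counter()
    for line in lines:
        m = BAN_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # IPv6 or malformed address: /16 grouping does not apply
        hits[ipaddress.ip_network(f"{ip}/16", strict=False)] += 1
    return hits


def networks_to_ban(lines, threshold=100, allowlist=()):
    """Return /16s with >= threshold bans, skipping any that overlap the allowlist."""
    keep = [ipaddress.ip_network(a) for a in allowlist]  # ranges you log in from
    banned = [net for net, n in slash16_hits(lines).items()
              if n >= threshold and not any(net.overlaps(k) for k in keep)]
    return sorted(banned)


def constructed_log():
    """Constructed sample log (documentation address ranges), not real data."""
    fmt = "2024-05-01 12:00:00,000 fail2ban.actions        [1234]: NOTICE  [sshd] {} {}"
    lines = [fmt.format("Ban", f"203.0.113.{i}") for i in range(120)]
    lines += [fmt.format("Ban", f"198.51.100.{i}") for i in range(100)]
    lines += [fmt.format("Ban", f"192.0.2.{i}") for i in range(3)]
    lines += [fmt.format("Unban", "203.0.113.9"),
              fmt.format("Restore Ban", "203.0.113.9"),
              fmt.format("Ban", "2001:db8::1")]
    return lines


if __name__ == "__main__":
    for net in networks_to_ban(constructed_log(), allowlist=["198.51.100.7/32"]):
        print(net)
```

The allowlist check is what keeps a single address you depend on from being swept up when its whole /16 crosses the threshold.
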
observationist yesterday at 11:26 PM

Nice, thanks for the link. Good to be ruthless about those things when you can.

paulddraper today at 12:23 AM

How often do you ask for probes or scans?
