OPNsense Forum

English Forums => General Discussion => Topic started by: FlorinMarian on June 04, 2022, 11:45:14 pm

Title: Counts externally accessed IP addresses via iptables or something similar
Post by: FlorinMarian on June 04, 2022, 11:45:14 pm
Hello!

I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies.

I managed to block through Suricata the situation in which a client scans a certain IP address for several ports or several passwords for the SSH port.

What I fail to do is prevent a client from sending TCP or UDP packets to detect on a subnet /24 which IP addresses have port 22 or another specific port open.

I recently tried iptables using the "hashlimit" module but from what I've tested, hashlimit doesn't make the difference between accessing 3 times the same 4 IP addresses in the last x seconds and accessing 12 different IP addresses in the same time frame.

I use proxmox to virtualize pve-firewall (iptables) but I would like to know if OpenSense could help me cover the vulnerability described above.

Any help is welcome.

Thanks!