Show Posts
1
General Discussion / Counts externally accessed IP addresses via iptables or something similar
« on: June 04, 2022, 11:45:14 pm »
Hello!
I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies.
I managed to block through Suricata the situation in which a client scans a certain IP address for several ports or several passwords for the SSH port.
What I fail to do is prevent a client from sending TCP or UDP packets to detect on a subnet /24 which IP addresses have port 22 or another specific port open.
I recently tried iptables using the "hashlimit" module but from what I've tested, hashlimit doesn't make the difference between accessing 3 times the same 4 IP addresses in the last x seconds and accessing 12 different IP addresses in the same time frame.
I use proxmox to virtualize pve-firewall (iptables) but I would like to know if OpenSense could help me cover the vulnerability described above.
Any help is welcome.
Thanks!
I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies.
I managed to block through Suricata the situation in which a client scans a certain IP address for several ports or several passwords for the SSH port.
What I fail to do is prevent a client from sending TCP or UDP packets to detect on a subnet /24 which IP addresses have port 22 or another specific port open.
I recently tried iptables using the "hashlimit" module but from what I've tested, hashlimit doesn't make the difference between accessing 3 times the same 4 IP addresses in the last x seconds and accessing 12 different IP addresses in the same time frame.
I use proxmox to virtualize pve-firewall (iptables) but I would like to know if OpenSense could help me cover the vulnerability described above.
Any help is welcome.
Thanks!