Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Counts externally accessed IP addresses via iptables or something similar
« previous
next »
Print
Pages: [
1
]
Author
Topic: Counts externally accessed IP addresses via iptables or something similar (Read 662 times)
FlorinMarian
Newbie
Posts: 1
Karma: 0
Counts externally accessed IP addresses via iptables or something similar
«
on:
June 04, 2022, 11:45:14 pm »
Hello!
I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies.
I managed to block through Suricata the situation in which a client scans a certain IP address for several ports or several passwords for the SSH port.
What I fail to do is prevent a client from sending TCP or UDP packets to detect on a subnet /24 which IP addresses have port 22 or another specific port open.
I recently tried iptables using the "hashlimit" module but from what I've tested, hashlimit doesn't make the difference between accessing 3 times the same 4 IP addresses in the last x seconds and accessing 12 different IP addresses in the same time frame.
I use proxmox to virtualize pve-firewall (iptables) but I would like to know if OpenSense could help me cover the vulnerability described above.
Any help is welcome.
Thanks!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Counts externally accessed IP addresses via iptables or something similar