> On 11 Nov 2019, at 11:30, Conrad Wood <cnw@???> wrote:
>
> I read some reports on this list where people get random IPs
> scanning/probing ports. I have that same issue of course.
> I use a combination of fail2ban and some hooks in my software to build
> up a blacklist of IPs over time.
> My question is if it's feasible to have a bitfolk-hosted blacklist of
> IPs. If we were all to report our probes and scans into a (to-be-build)
> bitfolk system, we'd probably protect each other more quickly and
> effectively.
You might look at denyhosts, which I believe has a community blacklist at denyhosts.net <
http://denyhosts.net/>. If you don’t want to use denyhosts explicitly, you may be able to synchronise that database content with fail2ban.
It occurs to me though that these mechanisms would be an obvious vector for a DOS attack, by maliciously blacklisting harmless IP blocks. I don’t know what measures (if any) denyhosts has taken to prevent that.
Regards,
Chris
—
Chris Smith <space.dandy@???>
