 
 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Block 300 IP's
 Date:  Thu, 18 Dec 2008 09:05:50 -0600
Frank Richter wrote:
> Hi,
> 
> is it possible to block 300 IP's easily with Mono?
> 
> 
> Background:
> I want to block the ongoing ssh-brute-force-attempts (300 IPs) to my 
> network. But in Mono
> it's only possible to block networks or single hosts (I will not add 300 
> rules).
> 
> Is there a way, maybe hidden, to add something like:
> 
> ipfw add deny from x.x.x.x, y.y.y.y, w.w.w.w, v.v.v.v to destination 
> port 22
> 
> Or set an alias and this alias points to 300 IP's

No, but...

First, let me add to Ryan, you can use fail2ban.  I love this program! 
It cuts a lot of garbage out.

Now that said, you need to expand your concept of network.  Start by 
sorting your IP addresses.  Now do a 'whois' of one.  See how many that 
netblock hits.  Block that netblock.  Also do the same for your IP 
addresses that you connect from, and allow them.  For example, I use 
AT&T dsl at home.  It is in the netblock 70.128.0.0/12, and if I allow 
only that I can still always connect.  This may help... 
http://www.subnet-calculator.com/cidr.php

With that approach, you can knock your 300 down to probably 10 or less. 
Or allow only the subnet you are likely to use, which would probably 
be 5 or less.

			Lee
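The procedure Lee describes (sort the addresses, look up the netblock each one belongs to, deny the netblock, and allow only the netblock you connect from) as a worked script. This is an added example, not code from the thread or from the m0n0wall project. It approximates the `whois` lookup with a fixed prefix length, since a real lookup needs network access; the attacker addresses are constructed from documentation and private ranges; the home netblock is Lee's 70.128.0.0/12 with a constructed address inside it; and the ipfw lines are rendered in the syntax of Frank's example only to show the result, m0n0wall itself would express the same thing as an allow rule above a handful of deny rules in the GUI.

```python
"""Collapse SSH brute-force source addresses into a short deny list.

Added example, not from the m0n0wall thread or project. It follows the
procedure in Lee's reply but stands in for `whois` with a fixed prefix
length, because a real allocation lookup needs network access.
"""
import ipaddress
from collections import Counter

# Constructed sample of attacker addresses (documentation and private
# ranges), standing in for the 300 pulled from the SSH auth log.
SAMPLE_ATTACKERS = [
    "203.0.113.5", "203.0.113.77", "203.0.113.200",
    "198.51.100.4", "198.51.100.9",
    "192.0.2.10", "192.0.2.11", "192.0.2.12",
    "10.7.2.9", "10.7.3.9",
]

# Home netblock as in Lee's AT&T example; the address inside it is constructed.
HOME_NETBLOCK = "70.128.0.0/12"
HOME_ADDRESS = "70.128.5.9"


def netblocks_by_hits(ips, prefix=24):
    """Count attackers per /prefix block, most-hit block first.

    `prefix` is an assumption standing in for the allocation size that a
    whois lookup would report. Returns (network_string, hit_count) tuples.
    """
    counts = Counter(
        ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips
    )
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(str(net), n) for net, n in ordered]


def aggregate(ips, prefix=24):
    """Collapse the attackers' /prefix blocks into the fewest covering networks.

    Adjacent blocks such as 10.7.2.0/24 and 10.7.3.0/24 merge into
    10.7.2.0/23; the result comes back sorted, which is Lee's first step.
    """
    blocks = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
    return [str(net) for net in ipaddress.collapse_addresses(blocks)]


def lockout_risk(deny_nets, allow_net):
    """Return the deny blocks that overlap the netblock you connect from.

    Anything returned here would cut off your own access if installed, which
    is the failure mode of widening blocks too eagerly.
    """
    allow = ipaddress.ip_network(allow_net)
    return [n for n in deny_nets if ipaddress.ip_network(n).overlaps(allow)]


def ipfw_rules(deny_nets, allow_net, port=22, first_rule=1000):
    """Render the result as ipfw commands in the style of Frank's example.

    The allow rule for your own netblock is numbered first so it matches
    before any deny; in the m0n0wall GUI that is an allow rule placed above
    the deny rules.
    """
    rules = [f"ipfw add {first_rule} allow tcp from {allow_net} to me {port}"]
    for i, net in enumerate(deny_nets, start=1):
        rules.append(f"ipfw add {first_rule + i} deny tcp from {net} to me {port}")
    return rules


if __name__ == "__main__":
    # Sanity check that the allow netblock really contains the address you use.
    assert ipaddress.ip_address(HOME_ADDRESS) in ipaddress.ip_network(HOME_NETBLOCK)
    for net, hits in netblocks_by_hits(SAMPLE_ATTACKERS):
        print(f"{net:18} {hits} hit(s)")
    deny = aggregate(SAMPLE_ATTACKERS)
    print(f"{len(SAMPLE_ATTACKERS)} addresses -> {len(deny)} deny rules")
    if lockout_risk(deny, HOME_NETBLOCK):
        raise SystemExit("a deny block covers your own netblock; do not install it")
    print("\n".join(ipfw_rules(deny, HOME_NETBLOCK)))
```

Run it with the list of addresses from the auth log in place of the sample and try a wider `prefix` (16, then 8) to see how far the rule count drops; `lockout_risk` is the check to run before every widening, because the moment a deny block overlaps your own netblock you lose the box.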