 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Block 300 IP's
 Date:  Thu, 18 Dec 2008 09:05:50 -0600
Frank Richter wrote:
> Hi,
> is it possible to block 300 IP's easily with Mono?
> Background:
> I want to block the ongoing ssh-brute-force-attempts (300 IP's) to my 
> network. But in Mono
> it's only possible to block networks or single hosts (I will not add 300 
> rules).
> Is there a way may be hidden to add something like:
> ipfw add deny from x.x.x.x, y.y.y.y, w.w.w.w, v.v.v.v to destination 
> port 22
> Or set an alias and this alias points to 300 IP's

No, but...

First, let me add to Ryan, you can use fail2ban.  I love this program! 
It cuts a lot of garbage out.

Now that said, you need to expand your concept of network.  Start by 
sorting your ip addresses.  Now do a 'whois' of one.  See how many that 
netblock hits.  Block that netblock.  Also do the same for your IP 
addresses that you connect from, and allow them.  For example, I use 
AT&T dsl at home.  It is in the netblock, and if I allow 
only that I can still always connect.  This may help... 

With that approach, you can knock your 300 down to probably 10 or less. 
Or allow only the subnet you are likely to use, which would probably 
be 5 or less.
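The sort, whois, block-the-netblock procedure described in the reply above, as an added example that is not code from the list thread or from m0n0wall: a Python script that maps each attacking address to the netblock you looked up with whois, collapses the list into a handful of deny rules, and puts an allow for the subnet you connect from first so that an oversized netblock cannot lock you out. The addresses, netblocks, subnet and the ipfw-style rule text are constructed sample data; the whois lookups are assumed to have been done by hand, as the post suggests.

```python
import ipaddress

# Constructed sample: addresses pulled from the ssh brute-force log.
ATTACKERS = [
    "203.0.113.5", "203.0.113.77", "203.0.113.200",
    "198.51.100.14", "198.51.100.15",
    "192.0.2.9",
    "198.18.0.44",          # no whois result recorded for this one
]

# Constructed sample: netblocks as reported by 'whois' for the hits above.
WHOIS_NETBLOCKS = ["203.0.113.0/24", "198.51.100.0/25", "192.0.2.0/24"]

# Constructed: the subnet you connect from; note it sits inside a denied block.
MY_SUBNET = "192.0.2.0/26"


def netblock_for(ip, netblocks):
    """Whois netblock containing ip, or a /32 if none was looked up."""
    addr = ipaddress.ip_address(ip)
    for block in netblocks:
        net = ipaddress.ip_network(block)
        if addr in net:
            return net
    return ipaddress.ip_network(str(addr))  # single-host fallback

def deny_blocks(attackers, netblocks):
    """Collapse the attacker list into the smallest set of covering blocks."""
    blocks = {netblock_for(ip, netblocks) for ip in attackers}
    return sorted(ipaddress.collapse_addresses(blocks))

def ipfw_rules(attackers, netblocks, allowed, port=22):
    """ipfw-style rules: allow your own subnet first (first match wins),
    then one deny per netblock instead of one per address."""
    allow = ipaddress.ip_network(allowed)
    rules = [f"allow tcp from {allow} to any {port}"]
    rules += [f"deny tcp from {b} to any {port}"
              for b in deny_blocks(attackers, netblocks)]
    return rules

def lockout_risks(attackers, netblocks, allowed):
    """Deny blocks that contain your own subnet; the reason allow goes first."""
    allow = ipaddress.ip_network(allowed)
    return [b for b in deny_blocks(attackers, netblocks) if b.overlaps(allow)]

if __name__ == "__main__":
    print("\n".join(ipfw_rules(ATTACKERS, WHOIS_NETBLOCKS, MY_SUBNET)))
```

Seven sample addresses collapse to four deny rules here; with real whois data the same approach is what takes 300 addresses down to the ten or so the post mentions.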