Sorry, I haven't tried it yet. I'll do it ASAP.
On Tue, 15 Jan 2019 21:05:32 -0600
ed...@pettijohn-web.com wrote:
> On Sun, Jan 13, 2019 at 01:39:13PM -0600, ed...@pettijohn-web.com wrote:
> > On Sun, Jan 13, 2019 at 08:04:32PM +0100, Radek wrote:
> > > Hi,
> > >
> > > I would gladly play with
On Sun, Jan 13, 2019 at 01:39:13PM -0600, ed...@pettijohn-web.com wrote:
> On Sun, Jan 13, 2019 at 08:04:32PM +0100, Radek wrote:
> > Hi,
> >
> > I would gladly play with your script. Would you please share it @misc.
> > Maybe our community could develop it further...
Just curious if anyone
On Sun, Jan 13, 2019 at 08:04:32PM +0100, Radek wrote:
> Hi,
>
> I would gladly play with your script. Would you please share it @misc. Maybe
> our community could develop it further...
>
> On Sun, 13 Jan 2019 12:43:15 -0600
> ed...@pettijohn-web.com wrote:
>
> > On Fri, Jan 11, 2019 at
Hi,
I would gladly play with your script. Would you please share it @misc. Maybe
our community could develop it further...
On Sun, 13 Jan 2019 12:43:15 -0600
ed...@pettijohn-web.com wrote:
> On Fri, Jan 11, 2019 at 09:30:38AM +1100, Aaron Mason wrote:
> > I knew it wouldn't trigger on the
On Fri, Jan 11, 2019 at 09:30:38AM +1100, Aaron Mason wrote:
> I knew it wouldn't trigger on the first attempt, but I had a sneaking
> suspicion that you'd need something to listen on that port. Is there
> a way to achieve what we seek, in that case, without userland tools?
>
> On Thu, Jan 10,
On 2019-01-10, Aaron Mason wrote:
> On Thu, Jan 10, 2019 at 9:18 PM Stuart Henderson wrote:
>>
>> On 2019-01-09, Aaron Mason wrote:
>> > Hi Jordan
>> >
>> > I've set it up to try it, but I'm not having much luck. Even when I
>> > trigger more than one, it still doesn't populate the bad_hosts
I knew it wouldn't trigger on the first attempt, but I had a sneaking
suspicion that you'd need something to listen on that port. Is there
a way to achieve what we seek, in that case, without userland tools?
On Thu, Jan 10, 2019 at 9:18 PM Stuart Henderson wrote:
>
> On 2019-01-09, Aaron Mason
On 2019-01-09, Aaron Mason wrote:
> Hi Jordan
>
> I've set it up to try it, but I'm not having much luck. Even when I
> trigger more than one, it still doesn't populate the bad_hosts table,
> even again when I extend the rate period to 86400 seconds. I've added
> logging so I know the rule is
Hi Jordan
I've set it up to try it, but I'm not having much luck. Even when I
trigger more than one, it still doesn't populate the bad_hosts table,
even again when I extend the rate period to 86400 seconds. I've added
logging so I know the rule is triggering. See below.
git# tcpdump -i pflog0
Hi,
I am a bit surprised how this subject has spiralled. Interesting reading from all
the comments and suggestions.
Nino
> On 9 Jan 2019, at 1:23 pm, Jordan Geoghegan wrote:
>
>
>
> On 01/08/19 18:08, tomr wrote:
>>
>> On 1/9/19 12:42 PM, Jordan Geoghegan wrote:
>>> Yikes. Everything you
On 01/08/19 18:08, tomr wrote:
On 1/9/19 12:42 PM, Jordan Geoghegan wrote:
Yikes. Everything you are (erroneously) trying to do here can be done
without leaving your pf.conf.
Remember, KISS.
Is there a way to add an address to a table from within a rule, or
something to that effect? I
On 1/9/19 12:42 PM, Jordan Geoghegan wrote:
>
> Yikes. Everything you are (erroneously) trying to do here can be done
> without leaving your pf.conf.
>
> Remember, KISS.
>
Is there a way to add an address to a table from within a rule, or
something to that effect? I can't see such an
On 01/08/19 16:46, Daniel Jakots wrote:
On Tue, 8 Jan 2019 16:07:43 -0800, Misc User
wrote:
Doing some work on it the other day, I noticed it opens a pretty big
command injection hole if pfctl doesn't kill the connection before
the connecting source gets a chance to send data. An attacker
On 01/08/19 16:07, Misc User wrote:
On 1/8/2019 3:16 PM, Aaron Mason wrote:
On Sat, Jan 5, 2019 at 5:46 AM Misc User
wrote:
On 1/3/2019 11:20 PM, Radek wrote:
A little ncat, sed, pfctl, and a dash of cron are able to do
the job just fine. cron is just there to start the ncat processes
On Tue, 8 Jan 2019 16:07:43 -0800, Misc User
wrote:
> Doing some work on it the other day, I noticed it opens a pretty big
> command injection hole if pfctl doesn't kill the connection before
> the connecting source gets a chance to send data. An attacker could
> connect to the port and send
On 1/8/2019 3:16 PM, Aaron Mason wrote:
On Sat, Jan 5, 2019 at 5:46 AM Misc User wrote:
On 1/3/2019 11:20 PM, Radek wrote:
A little ncat, sed, pfctl, and a dash of cron are able to do
the job just fine. cron is just there to start the ncat processes at
boot and run an hourly script to do a
On Sat, Jan 5, 2019 at 5:46 AM Misc User wrote:
>
> On 1/3/2019 11:20 PM, Radek wrote:
> >> A little ncat, sed, pfctl, and a dash of cron are able to do
> >> the job just fine. cron is just there to start the ncat processes at
> >> boot and run an hourly script to do a pfctl -T expire 86400 to
On Jan 4, 2019 12:44 PM, Misc User wrote:
>
> On 1/3/2019 11:20 PM, Radek wrote:
> >> A little ncat, sed, pfctl, and a dash of cron are able to do
> >> the job just fine. cron is just there to start the ncat processes at
> >> boot and run an hourly script to do a pfctl -T expire 86400 to
> >>
On 1/3/2019 11:20 PM, Radek wrote:
A little ncat, sed, pfctl, and a dash of cron are able to do
the job just fine. cron is just there to start the ncat processes at
boot and run an hourly script to do a pfctl -T expire 86400 to
keep the table clean of old attackers.
Sounds good. Could you
> A little ncat, sed, pfctl, and a dash of cron are able to do
> the job just fine. cron is just there to start the ncat processes at
> boot and run an hourly script to do a pfctl -T expire 86400 to
> keep the table clean of old attackers.
Sounds good. Could you share your script here?
On
Hi Jordan,
Sincere thanks for sharing your script. Also thanks to others for their input
and comments.
Regards
Nino
> On 4 Jan 2019, at 10:19 am, Jordan Geoghegan wrote:
>
> Sorry for the double post, I got the link to the script wrong... woops.
>
> The actual link is:
>
>
On 1/3/2019 3:06 PM, Jordan Geoghegan wrote:
Hello,
I wrote a small script called 'pf-badhost' to block shodan and other
annoyances via pf firewall. Check out www.geoghegan.ca/pf-badhost.html
to see the script.
pf-badhost also blocks ssh bruteforcers and other annoyances by loading
a list
Sorry for the double post, I got the link to the script wrong... woops.
The actual link is:
www.geoghegan.ca/pfbadhost.html
On 01/03/19 15:06, Jordan Geoghegan wrote:
Hello,
I wrote a small script called 'pf-badhost' to block shodan and other
annoyances via pf firewall. Check out
Hello,
I wrote a small script called 'pf-badhost' to block shodan and other
annoyances via pf firewall. Check out www.geoghegan.ca/pf-badhost.html
to see the script.
pf-badhost also blocks ssh bruteforcers and other annoyances by loading
a list of regularly updated badhost lists from
Hello Nino,
well, there is a list of known Shodan scanners available:
https://wiki.ipfire.org/configuration/firewall/blockshodan
However, it seems to be outdated - I observed "dojo.census.shodan.io"
(IPv4: 80.82.77.139), too.
Since scanners usually try to bypass blocking attempts or
rate
Hi,
I wish to block all attempts by “shodan.io”. Basically I run an OpenBSD (6.4)
mail server using OpenSMTPD and notice quite a bit of traffic all stemming from
“shodan.io”. I have PF configured so I was wondering how to block such a domain
from making any attempts to connect to my server.
26 matches