Aaron Zauner ✆
2:34 PM (0 minutes ago)
Reply
to devops 
hi everyone!

sorry, i was really tierd yesterday (the heat is killing me!), but i
think everyone got the bigger picture (thx @ michael renner for
clarifying a lot of things).

short link writeup:
- http://www.fail2ban.org/wiki/index.php/Main_Page
- https://github.com/azet/fail2ban_serve_notice/blob/master/fail2ban_serve_notice.sh
(experimental! use with caution)
- http://www.cloudflare.com/
- http://www.projecthoneypot.org/home.php
- http://www.ietf.org/rfc/rfc2142.txt

the script will be extended & debugged. if i got enough time in the
next weeks i'll add API interfacing to cloudflare/projecthoneypot.
does anyone know similar projects (hannes mentioned something)?

my server currently only serves 22 and 80 (with the latter beeing
barely used) with a small amout of request -> thus i get a relatively
small amout of break-in/ddos attempts.
typical bouncing chinese mail adresses: bill.pang@bj.datadragon.net,
apnic@xjcnc.net, hostmaster@public1.nc.jx.cn, zhy0607@public.ty.sx.cn,
sxiptech@shanxitele.com, anti-spam@mail.jxptt.zj.cn [...] (these are
real ones i picked up)

http traffic analysis (via cloudflare) for the last 30 days:
http://i47.tinypic.com/10gfrdi.png -
http://i50.tinypic.com/34gm2q9.png (challenged meaning; the attacker
was presented with a captcha, because the IP subnet seemed malicious
to cloudflare)

so long,
azet