After detecting spammers with an RBL list you can block them for a predefined period of time with the help of fail2ban. How it works:
– fail2ban parses mail.log
– when a spammer IP is found, it is added to a temporary ban list
– future requests from the spammer’s IP are blocked (from “Fighting SPAM with postfix and fail2ban”)
Tag: fail2ban
Adaptive DDOS IDS firewall
We had a task to build a simple solution for DDOS protection during the learning phase of an attack. The main goals were:
- Build it fast: We chose Ubuntu … as everything needed is already compiled and built in.
- Minimum network intervention: We opted for an L2/L3 bridge with iptables integration, plugged in between our autonomous system (AS) and the internet.
- Auto-learn offenders: A honeypot service is used to distinguish non-legitimate connections; the source IP address is logged and the packet is dropped with iptables. Suricata IDS additionally analyzes client requests.
- Auto-block offenders: fail2ban parses the logs generated by iptables and Suricata and temporarily blocks all connections from offending sources.
- Connection limiting: Again we used iptables, with the connlimit and conntrack modules activated.