Liens intéressants Journal du hacker semaine #11
Lire la suite
iblock is an inetd program adding the client IP to a Packet Filter table.
It is meant to be used to block scanner connecting on unused ports.
Upon connection, the IP is added to a PF table and all established connections with this IP are killed. You need to use a PF bloking rule using the table.
— Permalien
pf-badhost is a fast, bi-directional network filtering utility powered by the PF firewall. pf-badhost blocks many of the internet's biggest irritants - annoyances such as SSH and SMTP bruteforcers are largely eliminated. Shodan scans and bots looking for webservers to abuse are stopped dead in their tracks. When used to filter outbound traffic, pf-badhost blocks many seedy, spooky malware containing web hosts
— Permalien