Blacklist range of IPs... not blocking the entire range
Problem reported by Rod Strumbel - 12/3/2019 at 7:31 AM
So on 11/21/19 I blacklisted -   because over 80 IPs in that range were using dictionary attacks against our SM machine.

Yet today (12/3/19) I am still seeing hacking attempts from,,

They are not getting thru, but still my understanding is that the blacklist should be dropping connections from these IPs IMMEDIATELY and not even communicate with them.  So... I should not be seeing all these attempts.

Something wrong with the blacklist when specifying a range like the above?


1 Reply

Reply to Thread
Rod Strumbel Replied
In fact... I just ran across a single IP instance doing the same thing.

This one was detected by IDS  ( no date applied info, which is something missing IMO when these get shifted from IDS listing to blacklisted)

But I am still seeing hacking on that same IP in last nights log file analysis... obvious dictionary attack.

Something is up with the blacklist process not really blacklisting.


Reply to Thread