Blacklist range of IPs... not blocking the entire range
Problem reported by Rod Strumbel - 12/3/2019 at 7:31 AM
So on 11/21/19 I blacklisted 46.38.144.0 - 46.38.144.255 because over 80 IPs in that range were using dictionary attacks against our SM machine.

Yet today (12/3/19) I am still seeing hacking attempts from 46.38.144.17, 46.38.144.32, 46.38.144.57.

They are not getting through, but still my understanding is that the blacklist should be dropping connections from these IPs IMMEDIATELY and not even communicate with them. So... I should not be seeing all these attempts.

Something wrong with the blacklist when specifying a range like the above?

Rod

Rod Strumbel Replied
In fact... I just ran across a single IP instance doing the same thing.

This one was detected by IDS: 92.118.38.38 (no date applied info, which is something missing IMO when these get shifted from IDS listing to blacklisted).

But I am still seeing hacking on that same IP in last night's log file analysis... obvious dictionary attack.

Something is up with the blacklist process not really blacklisting.

Rod
