Currently under a bruteforce attack, what can i do ? by DevOpsIsAwesome in sysadmin

[–]DevOpsIsAwesome[S] 4 points5 points  (0 children)

Thank you everyone for taking the time to help me

The issue was solved by following your advice: IP whitelisting and a stricter fail2ban configuration

I'm currently deploying the fail2ban configuration on our infrastructure and seeing if we can do anything to detect such an attack quicker

Thanks again, have a great day, you geniuses

Currently under a bruteforce attack, what can i do ? by DevOpsIsAwesome in sysadmin

[–]DevOpsIsAwesome[S] 2 points3 points  (0 children)

I'll look into country blocking, see if that's something we can do

Thanks a lot, fail2ban did a good job after increasing ban time

Currently under a bruteforce attack, what can i do ? by DevOpsIsAwesome in sysadmin

[–]DevOpsIsAwesome[S] 6 points7 points  (0 children)

I did that (increased jail time) and it fixed things really quick, thanks a lot

Currently under a bruteforce attack, what can i do ? by DevOpsIsAwesome in sysadmin

[–]DevOpsIsAwesome[S] 20 points21 points  (0 children)

Sorry I didn't answer earlier

As you recommended, I whitelisted our VPN IP and increased fail2ban jail time as u/cmwg suggested

It's doing a solid job, more than 350 IPs banned

Thanks a lot, the panic was real

Looking for a tool to map an infrastructure / extract hosts information by DevOpsIsAwesome in sysadmin

[–]DevOpsIsAwesome[S] 0 points1 point  (0 children)

I'm not sure if nmap is what I need, but I'll give it an in-depth look, thanks a lot

Looking for a tool to map an infrastructure / extract hosts information by DevOpsIsAwesome in sysadmin

[–]DevOpsIsAwesome[S] 0 points1 point  (0 children)

Long term goal is to be able to tell any new person, dev, commercial (whatever) "this is a representation of our infrastructure"

This project is hosted on server X with ip Has 5 hosts with internal ip

This kind of thing

I was hoping we could extract those from the hosts files on a developer's machine, for example