cyberangerminasota: Can't brute force an SSH key (well, I suppose you can, if the key is too small)00:48
cyberangerCan't brute force the SSL key to get on my VPN to try either00:49
cyberangerTor hidden service they can try again, but again, I'm forcing SSH keys only00:49
minasotaI'm not talking about the key. The link was talking about how to use host.allow and host.deny to block ip's from country origin00:51
minasotaUsing GeoIP and a small script. I'm sure fail2ban is sufficient (maybe) but I though it wa interesting that host.deny and host.allow had that capability00:52
minasotaThat's all00:53
cyberangerAh Right, I'm saying I can't use that method becuase local addresses pass00:53
minasotaIt says in the link "00:56
minasotaNote: is an IP address cannot be matched to a country (such as an internal IP address),00:56
minasotathe connection is accepted too (see the $COUNTRY = "IP Address not found").00:56
cyberangerYeah, and localhost and RFC1918 can't be matched00:56
Unit193cyberanger: On one host, I have a hidden tor service pointing to SSH, Just In Caseā„¢00:57
minasotaOk, I have no idea what you all talking about. I need to read more...00:57
minasotaThanks for the info00:58
wrstHowdy Omnifrog02:47
Omnifroghi wrst02:47
Omnifroghow goes it?02:48
wrstHow are things going?02:48
Omnifroghot and miserable02:48
Omnifrogtoo hot to get out on the tractor02:48
Omnifrogthis channel got quiet over the years02:51
Omnifrogwell, quieter02:52
Omnifrogright then02:54
minasotacyberanger: I read RFC1918. What did you mean by "Yeah, and localhost and RFC1918 can't be matched"?12:15
cyberangerNo country to match them to, so they pass, as they should (in my case)16:15
cyberangerBasically I banned all countries (from the scripts perspective)16:16
cyberangerminasota: ^16:31
minasotacyberanger: got it. btw, RFC1918 seems a little... dated20:01
cyberangerHow so?20:02
minasotaIt was last updated in 1996.20:03
minasotaDoesn't address ipv6, not from what I saw20:04
minasotaAnd, a personal rant. Fail2ban is crap20:18
minasotasshguard seems to work better20:20
cyberangerIt wasn't made to support ipv6, it was made to extend ipv4 long enough to develop and adopt ipv6, 20 years later we're still stuck on that issue20:33
cyberangerOld does not mean irrelevant, if anything it's more relevant than ever20:34
cyberangerFor proof, run ifconfig and compare it20:34

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!