| cyberanger | minasota: Can't brute force an SSH key (well, I suppose you can, if the key is too small) | 00:48 |
|---|---|---|
| cyberanger | Can't brute force the SSL key to get on my VPN to try either | 00:49 |
| cyberanger | Tor hidden service they can try again, but again, I'm forcing SSH keys only | 00:49 |
| minasota | I'm not talking about the key. The link was talking about how to use host.allow and host.deny to block ip's from country origin | 00:51 |
| minasota | Using GeoIP and a small script. I'm sure fail2ban is sufficient (maybe) but I though it wa interesting that host.deny and host.allow had that capability | 00:52 |
| minasota | That's all | 00:53 |
| cyberanger | Ah Right, I'm saying I can't use that method becuase local addresses pass | 00:53 |
| Unit193 | ed25519++ | 00:55 |
| minasota | It says in the link " | 00:56 |
| minasota | Note: is an IP address cannot be matched to a country (such as an internal IP address), | 00:56 |
| minasota | the connection is accepted too (see the $COUNTRY = "IP Address not found"). | 00:56 |
| cyberanger | Yeah, and localhost and RFC1918 can't be matched | 00:56 |
| Unit193 | cyberanger: On one host, I have a hidden tor service pointing to SSH, Just In Caseā¢ | 00:57 |
| minasota | Ok, I have no idea what you all talking about. I need to read more... | 00:57 |
| minasota | Thanks for the info | 00:58 |
| wrst | Howdy Omnifrog | 02:47 |
| Omnifrog | hi wrst | 02:47 |
| Omnifrog | how goes it? | 02:48 |
| wrst | How are things going? | 02:48 |
| Omnifrog | hot and miserable | 02:48 |
| Omnifrog | too hot to get out on the tractor | 02:48 |
| Omnifrog | this channel got quiet over the years | 02:51 |
| Omnifrog | well, quieter | 02:52 |
| Omnifrog | right then | 02:54 |
| Omnifrog | ttfn | 02:55 |
| minasota | cyberanger: I read RFC1918. What did you mean by "Yeah, and localhost and RFC1918 can't be matched"? | 12:15 |
| cyberanger | No country to match them to, so they pass, as they should (in my case) | 16:15 |
| cyberanger | Basically I banned all countries (from the scripts perspective) | 16:16 |
| cyberanger | minasota: ^ | 16:31 |
| minasota | cyberanger: got it. btw, RFC1918 seems a little... dated | 20:01 |
| cyberanger | How so? | 20:02 |
| minasota | It was last updated in 1996. | 20:03 |
| minasota | Doesn't address ipv6, not from what I saw | 20:04 |
| minasota | And, a personal rant. Fail2ban is crap | 20:18 |
| minasota | sshguard seems to work better | 20:20 |
| cyberanger | It wasn't made to support ipv6, it was made to extend ipv4 long enough to develop and adopt ipv6, 20 years later we're still stuck on that issue | 20:33 |
| cyberanger | Old does not mean irrelevant, if anything it's more relevant than ever | 20:34 |
| cyberanger | For proof, run ifconfig and compare it | 20:34 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!