[00:48] <cyberanger> minasota: Can't brute force an SSH key (well, I suppose you can, if the key is too small)
[00:49] <cyberanger> Can't brute force the SSL key to get on my VPN to try either
[00:49] <cyberanger> Tor hidden service they can try again, but again, I'm forcing SSH keys only
[00:51] <minasota> I'm not talking about the key. The link was talking about how to use host.allow and host.deny to block ip's from country origin
[00:52] <minasota> Using GeoIP and a small script. I'm sure fail2ban is sufficient (maybe) but I though it wa interesting that host.deny and host.allow had that capability
[00:53] <minasota> That's all
[00:53] <cyberanger> Ah Right, I'm saying I can't use that method becuase local addresses pass
[00:55] <Unit193> ed25519++
[00:56] <minasota> It says in the link "
[00:56] <minasota> Note: is an IP address cannot be matched to a country (such as an internal IP address),
[00:56] <minasota> the connection is accepted too (see the $COUNTRY = "IP Address not found").
[00:56] <cyberanger> Yeah, and localhost and RFC1918 can't be matched
[00:57] <Unit193> cyberanger: On one host, I have a hidden tor service pointing to SSH, Just In Case™
[00:57] <minasota> Ok, I have no idea what you all talking about. I need to read more...
[00:58] <minasota> Thanks for the info
[02:47] <wrst> Howdy Omnifrog
[02:47] <Omnifrog> hi wrst
[02:48] <Omnifrog> how goes it?
[02:48] <wrst> How are things going?
[02:48] <Omnifrog> hot and miserable
[02:48] <Omnifrog> too hot to get out on the tractor
[02:51] <Omnifrog> this channel got quiet over the years
[02:52] <Omnifrog> well, quieter
[02:54] <Omnifrog> right then
[02:55] <Omnifrog> ttfn
[12:15] <minasota> cyberanger: I read RFC1918. What did you mean by "Yeah, and localhost and RFC1918 can't be matched"?
[16:15] <cyberanger> No country to match them to, so they pass, as they should (in my case)
[16:16] <cyberanger> Basically I banned all countries (from the scripts perspective)
[16:31] <cyberanger> minasota: ^
[20:01] <minasota> cyberanger: got it. btw, RFC1918 seems a little... dated
[20:02] <cyberanger> How so?
[20:03] <minasota> It was last updated in 1996.
[20:04] <minasota> Doesn't address ipv6, not from what I saw
[20:18] <minasota> And, a personal rant. Fail2ban is crap
[20:20] <minasota> sshguard seems to work better
[20:33] <cyberanger> It wasn't made to support ipv6, it was made to extend ipv4 long enough to develop and adopt ipv6, 20 years later we're still stuck on that issue
[20:34] <cyberanger> Old does not mean irrelevant, if anything it's more relevant than ever
[20:34] <cyberanger> For proof, run ifconfig and compare it