• tetris11
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Kind of - I obfuscate the port because it won’t show up on the list of well known TCP and UDP ports[0], but be in ephemeral region. To attack this port they would have to guess the number or do a full wide port scan of the system which will waste a large amount of their time. Though granted, they need probably less than a week.

    I’ve honestly never understood the defaults of fail2ban, which seemed to do nothing on every system I’ve tried it on. I get much better results by parsing the journalctl logs, and grouping the ips and then passing them directly into iptables or UFW.

    shodan

    You’re probably right. What is shodan?

    0: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers