From: Steve Simon
Date: Thu, 25 Jul 2024 23:33:25 +0100
To: 9front@9front.org
Subject: Re: [9front] WANTED: ip based filtering of incoming connections

i took a different approach.

i made some local changes to listen, secstored, and httpd.

i have a directory /lib/ndb/banished

when these apps accept a network connection they check for a file in /lib/ndb/banished/<ip>. if the file is too big (more than say 16 bytes) then the connection is rejected.

if the app accepts the connection, and detects a failed login it adds one character to /lib/ndb/banished/<ip>

if the login is successful then i delete the /lib/ndb/banished/<ip> file

this makes people who try and brute force the door lock themselves out.

the idea came from log2ban from linux, but in (i feel) a more plan9 style way.

-Steve

> On 25 Jul 2024, at 10:56 pm, Stanley Lieber <sl@stanleylieber.com> wrote:
>
> ai crawlers have discovered one of my servers.
>
> smtpd has the -k flag, which i use to manually block especially egregious spammers, but ip(3) and listen(8) seem to offer nothing generic to bar aggressive customers from entry.
>
> am i missing something?
>
> sl
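
The per-address file scheme from the message above, written out as an added example that is not Steve's code or part of the original thread. POSIX C stands in for the Plan 9 calls; the function names and the `dir` parameter (standing for /lib/ndb/banished) are assumptions, and the address check is an addition so that a peer-derived string can only ever name a file inside that directory.

```c
/* Added sketch: POSIX calls stand in for Plan 9's; names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { MAXSIZE = 16 };  /* "more than say 16 bytes" means rejected */

/* Build dir/ip, refusing anything that is not a plain IPv4/IPv6 literal
   so a peer-derived string can never name a file outside dir. */
static int banpath(char *buf, size_t n, const char *dir, const char *ip)
{
    if (*ip == '\0' || *ip == '.' ||
        strspn(ip, "0123456789abcdefABCDEF.:") != strlen(ip))
        return -1;
    int len = snprintf(buf, n, "%s/%s", dir, ip);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* 1 if the address is locked out, 0 if it may connect, -1 on bad input. */
int banished(const char *dir, const char *ip)
{
    char path[512];
    struct stat st;
    if (banpath(path, sizeof path, dir, ip) < 0)
        return -1;
    return stat(path, &st) == 0 && st.st_size > MAXSIZE;  /* no file: allowed */
}

/* Failed login: append one byte, so the file length counts failures. */
int strike(const char *dir, const char *ip)
{
    char path[512];
    if (banpath(path, sizeof path, dir, ip) < 0)
        return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
    int ok = fd >= 0 && write(fd, "x", 1) == 1;
    if (fd >= 0)
        close(fd);
    return ok ? 0 : -1;
}

/* Successful login: delete the file, clearing the count. */
int pardon(const char *dir, const char *ip)
{
    char path[512];
    return banpath(path, sizeof path, dir, ip) < 0 ? -1 : unlink(path);
}
```

A server would call `banished()` right after accepting a connection, `strike()` when a login fails and `pardon()` when one succeeds.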