Friday, May 10, 2019

Best Way to Filter Malicious IPs?

We've got some internet-facing services. These obviously require unfettered access from anywhere. In doing so, this opens us up to potential attacks, people constantly scanning the open ports, and then trying various exploits on the port. If I notice a recurring source IP, I add it to our inbound filter list. Obviously a tedious task and not exactly the most effective.

I know this is quite a common post on here, so I've been doing some reading about RTBH, BGP FlowSpec, and exabgp. I'm still not 100 percent sure that this is the solution I'm looking for, as it is not really DDoS mitigation we are worried about.

Anyone have any other ideas or solutions? Am I missing something obvious?

Let me know if you need more information.


