Hello!
I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies.
I managed to block through Suricata the situation in which a client scans a certain IP address for several ports or several passwords for the SSH port.
What I fail to do is prevent a client from sending TCP or UDP packets to detect on a subnet /24 which IP addresses have port 22 or another...
Read more
I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies.
I managed to block through Suricata the situation in which a client scans a certain IP address for several ports or several passwords for the SSH port.
What I fail to do is prevent a client from sending TCP or UDP packets to detect on a subnet /24 which IP addresses have port 22 or another...
Read more