I am looking for an advice
I have a lot of people trying to check if my ldap port is open (which is not the case …)
What is your suggestion to drop these IP (how to automatically build a blacklist like fail2ban ?)
I have read in an other post IPS as a solution(but I do not understand this stand for …)
thanks in advance for your help
Hi,
I have a lot of people trying to check if my ldap port is open (which is not the case …)
Well, if the port is not opened, there is little you need to worry about. If your IPFire machine is exposed to the internet, you will most probably observe some other “background noise” such as scanning attempts for SSH or Telnet ports. It’s not nice, but that is part of our daily threat landscape…
What is your suggestion to drop these IP (how to automatically build a blacklist like fail2ban ?)
None: If the port is closed and a log entry such as DROP_INPUT has been written, the packet was dropped already. There is nothing you need to do.
I have read in an other post IPS as a solution(but I do not understand this stand for …)
IPS stands for “Intrusion Prevention System”, please refer to the documentation for further information.
Thanks, and best regards,
Peter Müller
Thanks for the suggestion and I will read the part of the documentation I miss