Easy way to block simple attacks from a single IP address or a a few on the same network.
Until I automate the a block script, I did this manually, but first I was connected to the wrong region. There are really intelligent hacks, then there are medium intelegence hacks, and there are just jerk brute stupid break-ins with Password dictionary. Tonights “hijack CharmingSteve’s mail server” got blocked by the mail server but still used sys resources and sent me an annoying email reporting the incident for all of the dozens of attempts. So I manually blocked the IP address. in the Nacl security settings under VPC. The NACL requires cidr range. Even for one IP address you need to the math, while under DDOS attack. Simply plug it into the following URL. http://www.ipaddressguide.com/cidr#range The rule you add must be a lower number than the existing allow everything rule.
The next step is adding a script that writes directly to NACL from Fail2ban.
Use the network ACL rules we recommend to provide an additional layer of security for your subnets.
Source: Recommended Network ACL Rules for Your VPC – Amazon Virtual Private Cloud
You must log in to post a comment.