Skip to content
Blame Permalink
  • Michal 'vorner' Vaner's avatar
    f9150ebd
    initdb: Include ssh honeypot in fake blacklist view · f9150ebd
    Michal 'vorner' Vaner authored 
    • Simplify the rules for inclusion in the blacklist. Count score for
  each client, leave out the low-score clients (hardcoded for 100 now,
  adjusting the scores for events to match that) and sum them together
  across each attacker IP. These are compared to limits.
• Split the computation of this into several views, to improve
  readability and understandability (this way it looks more procedural,
  as the views can be understood to be done one by one).
• Include the ssh honeypot as one of the sources.
    f9150ebd
    initdb: Include ssh honeypot in fake blacklist view
    Michal 'vorner' Vaner authored 
    • Simplify the rules for inclusion in the blacklist. Count score for
  each client, leave out the low-score clients (hardcoded for 100 now,
  adjusting the scores for events to match that) and sum them together
  across each attacker IP. These are compared to limits.
• Split the computation of this into several views, to improve
  readability and understandability (this way it looks more procedural,
  as the views can be understood to be done one by one).
• Include the ssh honeypot as one of the sources.