Fail2Connect - Ban connections that fail to connect

Fail2Connect is a program written in Golang. It reads log files such as /var/log/openvpn.log or /var/log/mail.log. Each time a new line is added, Fail2Connect tries to match it against two regular expressions, both defined in the config.json file. The first regular expression matches a line reporting that a new connection was made from a certain IP address. This does not mean that the connection comes from a valid user, only that someone connected. The second regular expression matches a line indicating that a connection from a certain IP address was made successfully, that is, by a valid user.

Example from OpenVPN:

TCP connection established with [AF_INET]46.143.188.17:43912 (will match the first regular expression)
...
...
...
Peer Connection Initiated with [AF_INET]46.143.188.17:43912 (will match the second regular expression)

The first line reports that a new connection was made from some IP address; the second line reports that the same IP address successfully made a connection.

Fail2Connect tracks the time between the first line and the second line. If it takes longer than the time defined in the config file, it runs a command defined in the config file. This command should ban that IP address. This works because only connections from valid users produce the second line. A connection from an invalid user never matches it.

Configuration

The config.json file is a JSON file containing multiple watchers. Each watcher is a JSON object containing the following keys:

| KEY | EXPLANATION |
| --- | --- |
| enabled | should this watcher be enabled? true or false |
| path_to_log_file | location of the log file |
| connection_regex | regular expression for matching incoming, but not yet valid, connections. MUST HAVE A CAPTURE GROUP FOR THE IP ADDRESS |
| success_regex | regular expression for matching connections from valid users. MUST HAVE A CAPTURE GROUP FOR THE IP ADDRESS |
| ban_command | command to execute when there is too much time between the connection line and the success line. IP_TO_BAN will be replaced with the corresponding IP address |
| ultimatum_time_in_seconds | maximum time between the connection line and the success line |
| trust_known | should known IP addresses be trusted? true or false. If true, every IP address matched by the success regular expression is trusted, meaning it won't be banned even if it does not reach the success line next time |
| instant_ban_after | in case of a DoS attack, after how many attempts within the ultimatum should the IP address be banned? |
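
The decision logic described above, replayed with a simulated clock, as an added example that is not Fail2Connect's own code. The two regular expressions, the ban command, the address 203.0.113.9 and the names `Line` and `Run` are constructed for illustration; instant_ban_after is not modelled, and checking the capture with net.ParseIP before substituting it into the command is an assumption of this sketch, not documented behaviour of the tool.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample values for connection_regex, success_regex and ban_command.
var connectionRegex = regexp.MustCompile(`TCP connection established with \[AF_INET\]([0-9.]+):\d+`)
var successRegex = regexp.MustCompile(`Peer Connection Initiated with \[AF_INET\]([0-9.]+):\d+`)
const banCommand = "iptables -A INPUT -s IP_TO_BAN -j DROP"

// Line is a log line plus its arrival time in seconds (simulated clock, an assumption).
type Line struct {
	At   int
	Text string
}

// Run replays lines and returns the sorted ban commands that are due by time now.
func Run(lines []Line, ultimatum, now int, trustKnown bool) []string {
	start, skip, cmds := map[string]int{}, map[string]bool{}, []string{}
	for _, l := range append(append([]Line{}, lines...), Line{At: now}) { // empty last line only advances the clock
		for ip, t0 := range start {
			if l.At-t0 > ultimatum { // no success line in time: emit the ban command once
				cmds = append(cmds, strings.ReplaceAll(banCommand, "IP_TO_BAN", ip))
				delete(start, ip)
				skip[ip] = true
			}
		}
		if m := successRegex.FindStringSubmatch(l.Text); m != nil {
			delete(start, m[1]) // valid user: stop the clock
			skip[m[1]] = skip[m[1]] || trustKnown
		} else if m := connectionRegex.FindStringSubmatch(l.Text); m != nil {
			if _, open := start[m[1]]; !open && !skip[m[1]] && net.ParseIP(m[1]) != nil {
				start[m[1]] = l.At // log text is attacker-influenced: only literal IPs are tracked
			}
		}
	}
	sort.Strings(cmds)
	return cmds
}

func main() { // constructed replay: a valid user, then a host that never completes
	fmt.Println(Run([]Line{{0, "TCP connection established with [AF_INET]46.143.188.17:43912"},
		{3, "Peer Connection Initiated with [AF_INET]46.143.188.17:43912"},
		{5, "TCP connection established with [AF_INET]203.0.113.9:50000"}}, 10, 60, true))
}
```

A success line that arrives after the ultimatum does not undo the ban in this sketch, so the ultimatum has to be chosen longer than the slowest legitimate handshake.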