I want to prevent brute force attacks to my services on Kubernetes. My solution is to ban IPs that have many failed attempts but every request will be SNAT (Source NAT) and I don't know what can I do. Is there Any proxy I can use for my TCP requests and after that I can ban IPs?
Asked
Active
Viewed 59 times
1 Answers
1
If You are using a database to your service and facing this brutal attack by more failed attempts then you can block those IP's or users for some time and can release them. Database-persisted short lockout period for the given account (1-5 minutes) is the only way to handle this. Each userid in your database contains a timeOfLastFailedLogin and numberOfFailedAttempts. When numbeOfFailedAttempts > X you can lockout for some minutes.
Hemanth Kumar
- 2,728
- 1
- 4
- 19