This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Contributions / Tips&Tricks / Features Requests / Feature request (Idea) - protect Samba shares with fail2ban
« on: December 15, 2016, 03:34:16 pm »
I have an idea to protect Samba shares against the ransomwares.
My theory:
Ransomwares can access Samba shares, and they are able to rename and encrypt all files on it.
We can minimize the damage using fail2ban. If we use the known ransomware extensions (.locky, .aesir etc Complete list see : https://www.bleepingcomputer.com/forums/t/589811/updated-list-of-ransomware-file-names-and-extensions/ ) in context with fail2ban, we could filter the mailcious renaming and encrypting. If fail2ban detects one of them, it can ban the affected computer, and send an email to administrator.
Is it possible to realize ?
My theory:
Ransomwares can access Samba shares, and they are able to rename and encrypt all files on it.
We can minimize the damage using fail2ban. If we use the known ransomware extensions (.locky, .aesir etc Complete list see : https://www.bleepingcomputer.com/forums/t/589811/updated-list-of-ransomware-file-names-and-extensions/ ) in context with fail2ban, we could filter the mailcious renaming and encrypting. If fail2ban detects one of them, it can ban the affected computer, and send an email to administrator.
Is it possible to realize ?
Pages: [1]