block host with brute-force attack

Ken Moffat kmoffat at drizzle.com
Mon Mar 30 17:05:17 PDT 2009


On Mon, Mar 30, 2009 at 4:37 PM, Bill Campbell <linux-sxs at celestial.com> wrote:

> On Mon, Mar 30, 2009, Ken Moffat wrote:
> >On Mon, Mar 30, 2009 at 2:49 PM, Bill Campbell <linux-sxs at celestial.com> wrote:
> >
> >> On Mon, Mar 30, 2009, vu pham wrote:
> >> > I remember someone mentioned/asked/answered this already but I just
> >> > could not remember it.
> >> >
> >> > My system gets a lot of password-guess attacks. What is the tool that
> >> > disables those remote attack hosts ?
> >> >
> >>
> >> fail2ban comes to mind.
> >>
> >denyhosts blocks ip addresses after 3 (configurable) failed ssh logins.
> >
> >It can block either just ssh or all services for the denied ip address,
> >adding the offending ip address to /etc/hosts.deny.
>
> While this prevents access, it does not necessarily avoid filling
> your log files with garbage as sshd probably logs failed attempts.
>
> Bill
>

Correct. I run a small home server using 1 static ip address and have had
good results.

Are there advantages to fail2ban?



-- 
Ken Moffat
kmoffat at modizzle dot net
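
The denyhosts behaviour described in the thread above (count failed ssh logins per address, then add the address to /etc/hosts.deny for ssh only or for all services), sketched as an added example. It is not part of the original message and not DenyHosts' own code; the log line format, the function names, the allow list and the choice to block once the count reaches the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation-range addresses, not real data).
SAMPLE_LOG = """\
Mar 30 16:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 30 16:01:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar 30 16:01:09 host sshd[2105]: Failed password for root from 203.0.113.7 port 40125 ssh2
Mar 30 16:02:11 host sshd[2110]: Failed password for ken from 198.51.100.20 port 51544 ssh2
Mar 30 16:02:30 host sshd[2112]: Accepted password for ken from 198.51.100.20 port 51550 ssh2
Mar 30 16:03:00 host sshd[2120]: Failed password for invalid user test from 192.0.2.44 port 33010 ssh2
Mar 30 16:03:04 host sshd[2122]: Failed password for invalid user from 10.9.9.9 from 192.0.2.44 port 33015 ssh2
"""

# The user name field is supplied by the remote client, so the source address
# is taken from the fixed tail of the line ("from <ip> port <n> ssh2").
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failed_counts(log_text):
    """Return a Counter of failed ssh password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line.strip())
        if match:
            counts[match.group(1)] += 1
    return counts

def deny_entries(log_text, threshold=3, service="sshd", allow=()):
    """Build hosts.deny lines for addresses at or above the threshold.

    service="sshd" blocks ssh only; service="ALL" blocks every wrapped service.
    Addresses in `allow` (hypothetical allow list) are never emitted.
    """
    counts = failed_counts(log_text)
    return [f"{service}: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allow]

if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG):
        print(entry)
```

As noted earlier in the thread, an entry in /etc/hosts.deny refuses the connection but sshd may still log the attempts.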