<br><br><div class="gmail_quote">On Mon, Mar 30, 2009 at 4:37 PM, Bill Campbell <span dir="ltr"><<a href="mailto:linux-sxs@celestial.com">linux-sxs@celestial.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
On Mon, Mar 30, 2009, Ken Moffat wrote:<br>
>On Mon, Mar 30, 2009 at 2:49 PM, Bill Campbell <<a href="mailto:linux-sxs@celestial.com">linux-sxs@celestial.com</a>>wrote:<br>
><br>
>> On Mon, Mar 30, 2009, vu pham wrote:<br>
>> > I remember someone mentioned/asked/answered this already but I just<br>
>> > could not remember it.<br>
>> ><br>
>> > My system gets a lot of password-guess attackes. What is the tool that<br>
>> > disables those remote attack hosts ?<br>
>> ><br>
>><br>
>> fail2ban comes to mind.<br>
>><br>
>denyhosts blocks ip addresses after 3 (configurable) failed ssh logins.<br>
><br>
>It can block either just ssh or all services for the denied ip address,<br>
>adding the offending ip address to /etc/hosts.deny.<br>
<br>
While this prevents access, it does not necessarily avoid filling<br>
your log files with garbage as sshd probably logs failed attempts.<br>
<br>
Bill<br></blockquote><div><br></div><div>Correct. I run a small home server using 1 static ip address and have had good results. </div><div><br></div><div>Are there advantages to fail2ban?</div><div><br></div></div><br clear="all">
<br>-- <br>Ken Moffat<br>kmoffat at modizzle dot net<br>