fail2ban ??

Corey Edwards tensai at zmonkey.org
Mon Apr 15 07:58:20 MDT 2013


On 04/13/2013 12:10 PM, Andy Bradford wrote:
> Thus said Corey Edwards on Fri, 12 Apr 2013 10:08:06 -0600:
> 
>> The primary advantage fail2ban would have over your iptables filters
>> is being able to differentiate successful and failed logins.
> 
> If one can't be bothered to use SSH keys, or get one's password right in
> 10 times per minute (assuming I interpret the iptables rules correctly),
> one deserves to be blocked. ;-)

The scenario I'm describing is a bunch of successful logins in very
quick sequence. 10 logins per minute is a lot, but I could imagine some
times where it might happen. To get that rate, you'd almost have to be
using keys (doesn't everybody?). In that situation, fail2ban could
safely ignore those connections but iptables would incorrectly detect it
as an attack.

Corey
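
The distinction discussed in this message, as an added example that is not part of the original post and is not code from fail2ban or iptables: the same threshold applied once to every login and once to failed logins only. The log lines, the addresses and the `blocked` helper are constructed for illustration, and the 10-per-60-seconds limit is assumed from the "10 times per minute" figure quoted above.

```python
import re
from collections import defaultdict, deque

# Constructed sshd-style events as (seconds offset, message); not from the thread.
# 198.51.100.7: 12 successful key logins in one minute (e.g. a scripted copy loop).
# 203.0.113.9: 12 failed password attempts in one minute.
SAMPLE = (
    [(i * 5, f"Accepted publickey for deploy from 198.51.100.7 port {40000 + i} ssh2")
     for i in range(12)]
    + [(i * 5 + 1, f"Failed password for root from 203.0.113.9 port {50000 + i} ssh2")
       for i in range(12)]
)

LINE = re.compile(r"^(Accepted|Failed) \S+ for (?:invalid user )?\S+ from (\S+) port \d+")

def blocked(events, limit=10, window=60, failures_only=False):
    """Return the source IPs that exceed `limit` events within `window` seconds.

    failures_only=False models a connection-rate filter: it never sees the
    authentication result, so every login counts toward the limit.
    failures_only=True models a log-based filter that counts failed logins only.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = set()
    for ts, msg in sorted(events):
        m = LINE.match(msg)
        if not m:
            continue
        outcome, ip = m.groups()
        if failures_only and outcome != "Failed":
            continue              # successful logins are ignored in this mode
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()           # drop events older than the window
        if len(q) > limit:
            banned.add(ip)
    return banned

if __name__ == "__main__":
    print("rate-based:", sorted(blocked(SAMPLE)))
    print("log-based: ", sorted(blocked(SAMPLE, failures_only=True)))
```
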



