[ale] Configuring iptables in Slack-12.0

Steve Brown braino420 at gmail.com
Mon Feb 25 14:24:36 EST 2008


Another program, similar to Fail2Ban, is DenyHosts [1]. The difference is
that DenyHosts can also sync with other DenyHosts to automatically add the
IPs of attackers to hosts.deny. After a few months of using it, I have
almost 14,000 lines in my hosts.deny (!). It's highly configurable. I went
that route because I was using Fail2Ban and found the delay to be too great
(it monitors /var/log/messages or auth.log, I guess). By the time the IP
gets banned, the attackers have the chance to try about 20 or so different
passwords (and this is with F2B set to deny after 2 failed attempts).
Looking at the F2B manual, it seems this is due to the buffering of the
syslogs. The thing that seems to work the best, although it currently isn't
an option for me, is to use a non-default port.

HTH,
-Steve Brown


[1] http://denyhosts.sourceforge.net/features.html