[Leaplist] fail2ban
Kevin Korb
kmk at sanitarium.net
Tue Mar 9 00:44:53 EST 2010
Sounds like we are in the same boat at work. Lots of IPs per server and
they all respond to ssh. A bot that scans a bunch of IPs for a bunch of
users/passwords at the same time can have a significant impact on a server.
We have a custom made in-house solution because we were forced to write
one before there were any others "out there".
We still have to support FTP too. I would so like to make it (and
unencrypted email) go away but the customer demand just will not let it
happen. Even when their PC gets infected with malware that steals their
FTP password and lets someone infect their web site with more malware
they still refuse to do the upgrade to SFTP.
On 03/09/10 00:39, Phil Barnett wrote:
> On Mon, 2010-03-08 at 20:45 -0500, Jason Boxman wrote:
>> On 3/8/2010 6:53 PM, Phil Barnett wrote:
>>> I was looking for a solution to automatically firewall password guessing
>>> attacks to ssh on my server and came across this interesting solution.
>>
>> The risk is a crafty attacker successfully bans you, should you be
>> accessing the host primarily remotely.
>>
>> Instead, I use OpenSSH AllowUsers and only allow access via keys.
>>
>>
>
> I disallow root logins without a key already. But this is a public
> server with many hosted sites that use ssh to move files instead of ftp,
> which I still support, but I tell most of my users that they are more
> secure to use ssh to move their files.
>
> These hacking 'script kiddie' attempts have been going on for a long
> time with no success, but now they don't flood my log file. A few hits
> and it stops.
>
> And, yes, there could be a crafty denial of service.
>
>
--
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
Kevin Korb Phone: (407) 252-6853
Systems Administrator Internet:
FutureQuest, Inc. Kevin at FutureQuest.net (work)
Orlando, Florida kmk at sanitarium.net (personal)
Web page: http://www.sanitarium.net/
PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
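
The trade-off discussed in this thread, as an added example that is not part of the original messages and is neither fail2ban's code nor the in-house tool mentioned above: failed ssh logins are counted per source address inside a time window, and an ignore list keeps the administrators' own network from ever being banned. The log lines, host name, addresses and thresholds are constructed; the parameters mirror fail2ban's maxretry, findtime and ignoreip settings.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Mar  9 00:40:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  9 00:40:03 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar  9 00:40:04 web1 sshd[2104]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  9 00:40:06 web1 sshd[2106]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Mar  9 00:40:09 web1 sshd[2107]: Failed password for alice from 198.51.100.20 port 51004 ssh2
Mar  9 00:40:15 web1 sshd[2108]: Failed password for alice from 198.51.100.20 port 51009 ssh2
Mar  9 00:41:00 web1 sshd[2110]: Accepted publickey for alice from 198.51.100.20 port 51012 ssh2
Mar  9 00:42:10 web1 sshd[2115]: Failed password for bob from 192.0.2.55 port 33001 ssh2
Mar  9 00:42:30 web1 sshd[2116]: Failed password for bob from 192.0.2.55 port 33002 ssh2
Mar  9 01:05:00 web1 sshd[2190]: Failed password for bob from 192.0.2.55 port 33010 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(log_text, max_retry=3, find_time=timedelta(minutes=10),
              ignore=("198.51.100.0/24",), year=2010):
    """Return source IPs, in ban order, with max_retry failures inside find_time."""
    ignore_nets = [ipaddress.ip_network(n) for n in ignore]
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other messages
        try:
            src = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue              # not an address (e.g. a hostname): skip
        if any(src in net for net in ignore_nets):
            continue              # allowlisted admin network is never banned
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[src]
        window.append(when)
        while when - window[0] > find_time:
            window.popleft()      # drop failures older than the window
        if len(window) >= max_retry and str(src) not in banned:
            banned.append(str(src))
    return banned
```

With the default ignore list only the scanning address is returned; calling find_bans(SAMPLE_LOG, ignore=()) also returns the administrator's address, which is the lockout case raised in the quoted replies.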