Re: NULL Scan issues or something else?
On Tue, 2013-02-05 at 23:10 +0000, Jérémie Marguerie wrote:
> Le 5 févr. 2013 23:03, "Bartek Krajnik" <bartek@bmk-it.com> a écrit :
> >
> > Hi,
> > For ssh login attempts you can use program authfail (after 4 wrong
> login attempts it adds proper IP to netfilter with DROP rule sending
> notification to IP class owner from whois database).
>
> It sounds a bit overkill.
> Am I the only one sometimes typing my password incorrectly because I
> forgot it?
>
> Fail2ban does pretty much the same job but only ban for a few minutes.
> It's just a way to slow down bruteforce. Having 20 guesses per 10
> minutes makes a bruteforce useless if the passwords are decent.
>
> And it will not annoy too much your users but will annoy stupid bots.
>
> --
> Jérémie Marguerie
>
I'll second Fail2Ban. I use it all the time. Though, funny story,
where I work we use PBX in a Flash as our PBX. It is installed by
default with fail2ban, but one day we were having random issues with the
network and our VoIP phones (Aastra 57i) kept trying to connect, I
finally realized that fail2ban had blocked it, as soon as I restarted
the service (clearing the bans) the phone connected and worked just
fine.
So like anything similar, use the tool with care. It's extremely
configurable though.
Reply to: