
Re: Reporting brute force ssh login attempts



On Wednesday 15 November 2006 21:00, Shri Shrikumar wrote:
> Hi Peter,
>
> Peter Colton wrote:
> > A handy tool I use to cut down on ssh brute force attacks is fail2ban:
> > You can install it from backports.org.
> > Add the backport url to your sources.list
> > http://www.backports.org/dokuwiki/doku.php?id=instructions
> > Then after you have installed fail2ban comment out www.backports.org url
> > in your apt sources.list so that you will not bring in any unwanted
> > packages in the future.
> >
> > http://fail2ban.sourceforge.net/wiki/index.php/README
> > http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/
> > http://www.debianhelp.co.uk/fail2ban.htm
>
> Thank you. That looks like a useful tool. I have already installed it on
> one server to see how it goes. Is there some way of also automatically
> reporting these IPs so that whoever is responsible for that server is
> alerted to a worm or whatever might be causing this?
>
>
> Shri
>
	Hello Shri,

	Offhand I would say no to "will it automatically report these IPs".
	The IP addresses it bans are logged in the fail2ban log file.

	Regards

                peter colton
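
Since the banned addresses end up in the fail2ban log, a per-address summary for an abuse report can be built from that file. The following is an added example, not part of the original messages or of fail2ban itself; the two log line layouts, the sample lines and the function names collect_bans and abuse_report are assumptions.

```python
import ipaddress
import re

# Constructed sample log. Assumed layouts: the older
# "fail2ban.actions: WARNING [jail] Ban IP" and the newer
# "fail2ban.actions [pid]: NOTICE [jail] Ban IP".
SAMPLE_LOG = """\
2006-11-15 20:41:07,512 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2006-11-15 20:51:07,904 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2006-11-15 20:55:30,118 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2006-11-15 20:58:02,660 fail2ban.actions: WARNING [ssh] Ban 198.51.100.7
2006-11-15 20:59:11,003 fail2ban.filter: INFO Log rotation detected
2006-11-15 21:00:00,000 fail2ban.actions [1234]: NOTICE [sshd] Ban 2001:db8::5
"""

BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+"
    r"fail2ban\.actions\s*(?:\[\d+\])?:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>[0-9A-Fa-f:.]+)\s*$"
)


def collect_bans(log_text):
    """Map each banned address to its ban count, jails, first and last ban time."""
    bans = {}
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        if not m:
            continue  # Unban lines, filter messages, anything else
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # token after "Ban" is not a valid IPv4/IPv6 address
        e = bans.setdefault(ip, {"jails": set(), "count": 0, "first": m.group("ts")})
        e["jails"].add(m.group("jail"))
        e["count"] += 1
        e["last"] = m.group("ts")
    return bans


def abuse_report(bans):
    """One line per address, most frequently banned first."""
    rows = sorted(bans.items(), key=lambda kv: -kv[1]["count"])
    return "\n".join(
        f"{ip}  bans={e['count']}  jails={','.join(sorted(e['jails']))}  "
        f"first={e['first']}  last={e['last']}"
        for ip, e in rows
    )


if __name__ == "__main__":
    print(abuse_report(collect_bans(SAMPLE_LOG)))
```

The timestamps are copied from the log as written, so state the server's time zone when passing the summary to an abuse contact.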





