Raquel wrote:
On Wed, 28 Jan 2009 15:00:37 +0000 Kevin Philp <kevin@cybercolloids.net> wrote:A good package to install, to help with the brute force attacks isfail2ban.Even easier and better add the following to your iptables firewall. This monitors your connections to the ssh port and drops the connection if they try more than 4 connections in 10 minutes. I have been using this for a while - works a treat."Easier and better" depends on a lot of factors, including a person's desire to edit, directly, their iptables files. Some use Shorewall (for which there are other solutions) or another firewall creation tool. For me, I appreciated the solutions found in fail2ban.
100% agree with you - guess I shouldn't type in a hurry. I have used it and it worked just fine. I switched to the iptables solution because we were developing our own firewall script at the time and it made sense to incorporate it and have one less security package to configure and worry about. What I liked about the iptables solution was that it cut off the hacker after a predetermined number of attempts rather than letting the attacks mount and then then pick it up from a log-file scan. However fail2ban can also block at the tcpwrappers level so is a bit more flexible on how it blocks.
For those interested another popular script is at: http://denyhosts.sourceforge.net/