
Re: random usernames in attempts to break in to my machine?



On Monday, 4 April 2022 12:03:59 EDT tomas@tuxteam.de wrote:
> On Mon, Apr 04, 2022 at 11:51:47AM -0400, gene heskett wrote:
> 
> [...]
> 
> > I'd be watching the logs for the src address, and the 2nd time I saw
> > the same address, add it to my iptables drop recipe. voila! [...]
> That's what fail2ban does for you. Only that it looks at many logs in
> parallel (your ssh, your mail server, etc.) and that it NEVER SLEEPS.
> (No, seriously ;-)
> 
> Another advantage is that it can un-ban addresses after a while, so
> that (a) your iptables don't grow without limits and (b) IP addresses
> get a second chance (useful in the case they land in the hands of
> an admin with a clue).
> 
> Since those attacks are pretty well distributed since a while (meaning
> that they come from many random IPs), the real question is: do the
> IPs repeat sufficiently to justify the (manual or automated) effort?
> 
> If an IP only repeats after, say, 10^4 or 10^5 attempts, I'd say "nah".
> I'll check that, perhaps next weekend. Perhaps I'll post my conclusion
> here, who knows :)

Tomas, I've had fail2ban installed and running since wheezy.  I don't 
believe that in all that time, I have ever seen it trigger to do 
anything. Then you recommend it but none of the advice on how to make it 
actually work seems to be any more helpful than the man page which talks 
in swahili slang dialect. To me, it seems like an over-hyped cycle 
stealer.

So where might I find the info it takes to actually make it work as 
advertised?

Thank you. Take care and stay well.

> Cheers
> --
> t


Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
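
An added example, not part of the original message and not fail2ban's own code: a simplified model of a maxretry/findtime rule run over constructed sshd log lines, showing per-address repeat counts (the question raised in the quoted text) and which addresses would reach a ban. The log lines, the function name `would_ban` and the thresholds are assumptions, and the input is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines in classic syslog format (not taken from the thread).
SAMPLE_LOG = """\
Apr  4 11:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Apr  4 11:00:40 host sshd[102]: Failed password for root from 203.0.113.5 port 4002 ssh2
Apr  4 11:01:10 host sshd[103]: Failed password for invalid user test from 198.51.100.9 port 4003 ssh2
Apr  4 11:01:55 host sshd[104]: Failed password for invalid user pi from 203.0.113.5 port 4004 ssh2
Apr  4 11:30:00 host sshd[105]: Failed password for invalid user oracle from 198.51.100.9 port 4005 ssh2
Apr  4 11:45:00 host sshd[106]: Accepted publickey for alice from 192.0.2.10 port 4006 ssh2
Apr  4 12:10:00 host sshd[107]: Failed password for invalid user git from 198.51.100.9 port 4007 ssh2
Apr  4 12:11:00 host sshd[108]: Failed password for invalid user a from 10.9.9.9 from 192.0.2.77 port 4008 ssh2
"""

# The user name is untrusted text, so the address is taken from the fixed
# tail of the line ("from <addr> port <n> ssh2"), not the first "from".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\S+) port \d+ ssh2$"
)

def would_ban(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2022):
    """Return (failures per address, addresses with >= maxretry failures inside findtime).

    Simplified model (assumption): syslog lines carry no year, so one is supplied.
    """
    totals = defaultdict(int)
    recent = defaultdict(deque)   # per-address timestamps still inside the window
    banned = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        addr = m.group(2)
        totals[addr] += 1
        window = recent[addr]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned.add(addr)
    return dict(totals), banned

if __name__ == "__main__":
    totals, banned = would_ban(SAMPLE_LOG)
    for addr, n in sorted(totals.items()):
        print(f"{addr:15} failures={n} ban={'yes' if addr in banned else 'no'}")
```

With the default window, the address that repeats three times over an hour never reaches the threshold, which is the slow, distributed case the quoted text asks about; widening `findtime` changes that outcome.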