[Gllug] Router under attack: help/advice needed
John Edwards
john at cornerstonelinux.co.uk
Wed Sep 30 19:48:00 UTC 2009
On Wed, Sep 30, 2009 at 08:15:01PM +0100, David Damerell wrote:
> On Wednesday, 30 Sep 2009, Benjamin Donnachie wrote:
>>2009/9/30 David Damerell <damerell at chiark.greenend.org.uk>:
>>> I'd consider something that filters hosts with repeated login failures
>> I had good results with fail2ban[1]
>
> fail2ban is OK, but it's lacking what I find to be an important
> feature of denyhosts; resetting the fail count after a successful
> login.

That would be nice.

> Because of the nature of the current attacks, I want to keep
> count of failed logins indefinitely (the f2b default ten-minute memory
> won't catch the current lot at all)

To be honest, the main idea of fail2ban is that once the attacks
are blocked they will go elsewhere.

> but I don't want to lock myself
> out eventually because I can't type.

You can ignore certain IP addresses or pattern matches (eg a
particular username for a particular service).

By having multiple conf files for each service, you should be able
to have different triggers and timeouts for different usernames.

A long memory with exponentially increasing block times would
be nice, but I can't think of a way to do it at the moment.

--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#
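
Added example, not part of the original message and not code from fail2ban or denyhosts: a Python tracker combining the three behaviours discussed in this thread, namely failure counts with no expiry window, a reset on successful login, and block times that double on each repeat. The class name, thresholds, ISO-timestamp log format and sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed log lines, not from the thread; ISO timestamps and documentation IPs are assumptions.
SAMPLE_LOG = """\
2009-09-30T10:00:00 sshd[101]: Failed password for root from 203.0.113.9 port 4000 ssh2
2009-09-30T10:05:00 sshd[102]: Failed password for alice from 198.51.100.7 port 5000 ssh2
2009-09-30T10:06:00 sshd[102]: Failed password for alice from 198.51.100.7 port 5000 ssh2
2009-09-30T10:07:00 sshd[102]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
2009-09-30T11:00:00 sshd[103]: Failed password for invalid user admin from 203.0.113.9 port 4001 ssh2
2009-09-30T12:00:00 sshd[104]: Failed password for root from 203.0.113.9 port 4002 ssh2
2009-09-30T13:00:00 sshd[105]: Failed password for root from 203.0.113.9 port 4003 ssh2
2009-09-30T14:00:00 sshd[106]: Failed password for root from 203.0.113.9 port 4004 ssh2
2009-09-30T15:00:00 sshd[107]: Failed password for root from 203.0.113.9 port 4005 ssh2
2009-09-30T16:00:00 sshd[108]: Failed password for alice from 198.51.100.7 port 5001 ssh2
"""

FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)")
ACCEPTED = re.compile(r"^(\S+) sshd\[\d+\]: Accepted \S+ for \S+ from (\S+)")

# Hypothetical class: counts never expire, a good login resets them, bans double.
class BanTracker:
    def __init__(self, max_failures=3, base_ban=timedelta(minutes=10), max_ban=timedelta(days=7)):
        self.max_failures, self.base_ban, self.max_ban = max_failures, base_ban, max_ban
        self.failures = {}      # ip -> failures since last success or ban (no time window)
        self.ban_count = {}     # ip -> bans issued so far, drives the doubling
        self.banned_until = {}  # ip -> datetime at which the current ban ends

    def feed(self, line):
        if ok := ACCEPTED.match(line):
            self.failures.pop(ok.group(2), None)  # successful login forgives earlier typos
            return None
        if not (bad := FAILED.match(line)):
            return None
        when, ip = datetime.fromisoformat(bad.group(1)), bad.group(2)
        if ip in self.banned_until and when < self.banned_until[ip]:
            return None  # still blocked, nothing new to decide
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] < self.max_failures:
            return None
        n = self.ban_count.get(ip, 0)
        ban = min(self.base_ban * 2 ** n, self.max_ban)  # 10 min, 20 min, 40 min, ... capped
        self.ban_count[ip], self.failures[ip] = n + 1, 0
        self.banned_until[ip] = when + ban
        return ip, ban  # a new ban was triggered by this line

def run(log, **kwargs):
    tracker = BanTracker(**kwargs)
    return [hit for hit in map(tracker.feed, log.splitlines()) if hit]
```

In the sample, the host failing once an hour is banned on its third and sixth failures even though no ten-minute window ever holds more than one attempt, while the user who mistypes twice and then logs in is never banned.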