[Gllug] Router under attack: help/advice needed

David Damerell damerell at chiark.greenend.org.uk
Wed Sep 30 19:15:01 UTC 2009


On Wednesday, 30 Sep 2009, Benjamin Donnachie wrote:
>2009/9/30 David Damerell <damerell at chiark.greenend.org.uk>:
>>I'd consider something that filters hosts with repeated login failures
>I had good results with fail2ban[1]

fail2ban is OK, but it's lacking what I find to be an important
feature of denyhosts; resetting the fail count after a successful
login. Because of the nature of the current attacks, I want to keep
count of failed logins indefinitely (the f2b default ten-minute memory
won't catch the current lot at all) - but I don't want to lock myself
out eventually because I can't type.

-- 
David Damerell <damerell at chiark.greenend.org.uk> Distortion Field!
Yesterday was First Brieday, September.
Today is First Gouday, September.
Tomorrow will be First Chedday, September - a public holiday.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list