On Sat, 26 Nov 2011, C F wrote:
On Sat, Nov 26, 2011 at 7:50 AM, Gordon Henderson
<gordon+aster...@drogon.net> wrote:
On Sat, 26 Nov 2011, Terry Brummell wrote:
Install & Configure Fail2Ban then the host will be blocked from
connecting. And no, it's not new.
I don't need Fail2Ban, thank you. But your advice might be useful to others.
Why is that?
Even if they don't compromise an account they are still using your
bandwidth and resources on your machine.
Linux has excellent built-in subsystems to control firewalling and so on
without resorting to external programs. It's called iptables. If you know
how to use them, then using an external resource such as fail2ban is
unneccessary.
For example, with iptables rules you can say something like: If a
connection from a remote site to a local port happens more than (say) once
a second then drop that connection.
And that happens right at the kernel level without the need to run any
userland software, write config files, monitor log files and so on.
I've posted about it in the past - search the archives if you want to know
more.
Gordon
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users