Fail2Ban automatically adds an iptables rule to block all traffic from the attacking address, and then sends off an e-mail informing you - so it does do that.

2010/1/27 Jason A. Nunnelley <[email protected]>

> On Wed, Jan 27, 2010 at 1:03 PM, Domenic Santangelo <[email protected]> wrote:
>
> > I'm hearing some complicated attack vectors being tossed around in here
> > (password sniffing, mitm, etc) -- don't forget about a pretty simple one:
> > dictionary attacks. I recently took over a project for a small-medium sized
> > client and upon looking at the secure log noticed 50k+/day dictionary
> > attacks against SSH. I installed fail2ban and now get 5-6 emails daily about
> > brute-force hack attempts.
>
> Just wonder why you don't simply block attempts beyond 5 or 10.
>
> --
> Jason A. Nunnelley
> ----------------------------------------
> http://www.jasonn.com
> http://www.tekany.com
> +1 256 297 1652
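
The threshold behaviour discussed in this thread (ban a source once it passes a handful of failed SSH logins), sketched as an added example that is not part of the original e-mails and is not Fail2Ban's own code. The log lines are constructed, and `find_offenders`, `ban_rule`, the 5-failures-in-10-minutes defaults and the simplified iptables rule are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the style of an sshd "secure" log (grouped by source for brevity):
# a fast dictionary attack, a slow one (one try per hour), and a legitimate login.
SAMPLE_LOG = "\n".join(
    [f"Jan 27 13:00:0{i} host sshd[100{i}]: Failed password for invalid user admin "
     f"from 203.0.113.7 port 4000{i} ssh2" for i in range(5)]
    + [f"Jan 27 1{i}:30:00 host sshd[200{i}]: Failed password for root "
       f"from 198.51.100.20 port 5000{i} ssh2" for i in range(5)]
    + ["Jan 27 13:05:00 host sshd[3001]: Accepted password for alice "
       "from 192.0.2.4 port 60000 ssh2"]
)

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) "
)

def find_offenders(log_text, max_retry=5, find_time=timedelta(minutes=10), year=2010):
    """Return source IPs with max_retry failures inside a sliding find_time window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in banned:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            banned.append(m.group(2))
    return banned

def ban_rule(ip):
    """Simplified block rule as an argv list (assumed form, not Fail2Ban's own chain)."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE_LOG):
        print(" ".join(ban_rule(ip)))
```

With the default window only the fast attacker is banned; the one-try-per-hour source stays under the threshold, which is the trade-off in picking the retry count and window.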
