>today I had about 1.000 Authentication Failures to ssh Is that all !
> and I had time to >think about how to limit and secure this issue. fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page Works a treat, you set how many failed attempts are allowed, after that, they get banned. Effectively, it gives an attacker only one or two attempts to guess both an account AND a password. Occasionally they'll come back again, but in practice I tend not to see the same address banned twice in a day. There is one thing though, add a command to restart fail2ban after Shorewall starts - because Shorewall will remove the iptables chains that fail2ban uses. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
