From: Yaroslav H. <li...@on...> - 2012-04-07 01:45:17

> 1- is there a book that anyone wrote on this great program out there for
> me to buy?

not that I am aware of -- there is a bulk of information online though and
in general fail2ban is quite simple ;-)

> 2- If I use a different port for ssh, like 5454 I know fail2ban can help
> with that, but what if I left port 22 open (but not let ssh listen to
> it) but use fail2ban to ban anyone accessing it?
> Perhaps open port 22 in iptables and then log any request from any ip
> syn-log or whatever
> Is that possible?

yes ;-)

> My reason is to kill script kiddies in their tracks.
> I also have a virtual host machine with many VMs on it...If I open a few
> ports on the host that I do not use, then I can ban ips on the host
> machine, blocking them from even attempting to get to the VMs.

yeah -- AFAIK it is a popular approach among some to catch and block such
silly attacks, e.g. tripwire http://sourceforge.net/projects/tripwire/ which
I have used at some point. It should be quite simple to devise a simple
action/jail which would set up such a tripwire chain which would log access
to a selected collection of ports (otherwise unused) and trigger the ban.

so we do not forget about this idea:
https://github.com/fail2ban/fail2ban/issues/42
contributions (pull requests) are very welcome!

--
=------------------------------------------------------------------=
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic
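
The tripwire jail idea from this message, sketched as an added example that is not part of the original email and not fail2ban's own code: it checks a candidate `failregex` against kernel log lines written by an iptables LOG rule on unused ports, and lists the sources a jail would ban. The `F2B-TRAP ` log prefix, the `tripwire.conf` filter name, ports 22 and 23, the IPv4-only stand-in for `<HOST>`, and every host and address in the sample log are assumptions constructed for the illustration.

```python
import ipaddress
import re

# Assumed firewall rule (not from the thread); "F2B-TRAP " is a made-up log prefix:
#   iptables -A INPUT -p tcp -m multiport --dports 22,23 --syn -j LOG --log-prefix "F2B-TRAP "
# Candidate failregex for a hypothetical filter.d/tripwire.conf:
FAILREGEX = r"kernel: .*F2B-TRAP .* SRC=<HOST> "
# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only, an assumption).
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Plays the role of the jail's ignoreip setting: never ban our own networks.
IGNORE = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]

# Constructed kernel log lines (documentation address ranges).
SAMPLE_LOG = """\
Apr  7 01:40:02 vmhost kernel: [1001.10] F2B-TRAP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40122 DPT=22 SYN
Apr  7 01:40:05 vmhost kernel: [1004.52] F2B-TRAP IN=eth0 OUT= SRC=192.0.2.15 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=22 SYN
Apr  7 01:40:09 vmhost kernel: [1008.77] OTHER-RULE IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.10 PROTO=TCP SPT=40200 DPT=5454 SYN
Apr  7 01:41:30 vmhost sshd[2211]: Accepted publickey for admin from 198.51.100.44 port 50022 ssh2
Apr  7 01:42:11 vmhost kernel: [1130.03] F2B-TRAP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40125 DPT=23 SYN
Apr  7 01:42:40 vmhost kernel: [1159.90] F2B-TRAP IN=eth0 OUT= SRC=198.51.100.200 DST=198.51.100.10 PROTO=TCP SPT=33001 DPT=22 SYN
"""

def trap_hits(log_text, failregex=FAILREGEX, ignore=IGNORE):
    """Return {source_ip: hit_count} for tripwire log lines, minus ignored nets."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_RE))
    hits = {}
    for line in log_text.splitlines():
        m = pattern.search(line)
        if not m:
            continue  # other firewall rules and sshd lines are not tripwire hits
        ip = ipaddress.ip_address(m.group("host"))
        if any(ip in net for net in ignore):
            continue  # trusted source, same effect as ignoreip in the jail
        hits[str(ip)] = hits.get(str(ip), 0) + 1
    return hits

def to_ban(log_text, maxretry=1):
    """Addresses that reached maxretry hits, as a jail with that setting would ban."""
    return sorted(ip for ip, n in trap_hits(log_text).items() if n >= maxretry)

if __name__ == "__main__":
    print(trap_hits(SAMPLE_LOG))
    print(to_ban(SAMPLE_LOG))
```

On a live host the same check is done with `fail2ban-regex` against the real log and filter file. Because a bare SYN can carry a forged source address, keeping trusted networks in `ignoreip` matters for this kind of jail.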