From: Justin P. <jp...@lu...> - 2007-09-07 19:03:30

Maybe if fail2ban sees an IP more than once in 24 hours or 48 hours, then perm ban or ban for a month. The thing is, we want the state kept; if I ban for 1 week and reboot, it's no longer banned.

On Fri, 7 Sep 2007, Koaps wrote:

> How many IPs do you plan on banning forever?
>
> Fail2ban seems best suited to dynamic attacks that
> aren't regular offenders.
>
> If a single IP is hitting you so often that you feel
> the need to ban them forever, you are better off just
> adding an iptables rule manually and using the
> save/restore feature associated with the iptables
> service on restarts.
>
> This is what I do, I use fail2ban to keep ssh scan
> attempts, concurrent smtp connections and failures to
> a minimum.
>
> But the guy who is constantly attempting to relay mail
> through my server has a permanent iptables rule
> created for them manually.
>
> I think fail2ban is best for just handling the ones
> that can be unbanned after an hour or so and the
> automated attack is over with.
>
> Besides, if you set up fail2ban to permanent ban on
> matches, what happens if the attacker is spoofing
> source headers for legit sites? Like Google or Yahoo
> or something.
>
> -chris
>
> --- Peter Jay Salzman <p...@di...> wrote:
>
>> I was curious about one of the designs of fail2ban.
>>
>> It seems pretty obvious that one thing someone may
>> want is persistent state
>> banning. If someone brute force attacks my server,
>> I don't want the IP
>> banned for a few minutes or even until I reboot my
>> computer. I want the IP
>> banned forever.
>>
>> It would be easy enough to implement with
>> iptables-save and
>> iptables-restore, so I'm guessing this was something
>> that was thought of and
>> discarded as a bad idea.
>>
>> How come?
>>
>> Thanks!
>> Pete
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Splunk Inc.
>> Still grepping through log files to find problems? Stop.
>> Now Search log events and configuration files using AJAX and a browser.
>> Download your FREE copy of Splunk now >> http://get.splunk.com/
>> _______________________________________________
>> Fail2ban-users mailing list
>> Fai...@li...
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
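
The escalation idea discussed in this thread, sketched as an added example that is not part of any message above and is not fail2ban's own code: a first offence gets a short ban, a repeat inside 48 hours gets a month, and the history lives in a JSON file so bans survive a reboot. The `BanStore` class, the file layout, the ban lengths and the allowlist (a guard for the spoofed-source concern raised in the thread) are all assumptions.

```python
import json
import os
import tempfile
import time

DAY = 86400
WINDOW = 2 * DAY            # look-back window for repeat offences (the "48 hours" case)
SHORT_BAN = 3600            # first offence: one hour
LONG_BAN = 30 * DAY         # repeat offence inside the window: one month
ALLOWLIST = {"192.0.2.10"}  # constructed sample: addresses that must never be banned


class BanStore:
    """Ban history kept in a JSON file so it survives a restart (hypothetical helper)."""

    def __init__(self, path):
        self.path = path
        self.state = {}  # ip -> {"offences": [timestamps], "until": ban expiry}
        if os.path.exists(path):
            with open(path) as fh:
                self.state = json.load(fh)

    def _save(self):
        # Write to a temp file, then rename, so a crash never leaves a torn state file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as fh:
            json.dump(self.state, fh)
        os.replace(tmp, self.path)

    def record_offence(self, ip, now=None):
        """Record one jail trigger for ip; return ban length in seconds (0 = allowlisted)."""
        now = time.time() if now is None else now
        if ip in ALLOWLIST:
            return 0
        entry = self.state.setdefault(ip, {"offences": [], "until": 0})
        # Forget offences older than the window, then add this one.
        entry["offences"] = [t for t in entry["offences"] if now - t < WINDOW] + [now]
        length = LONG_BAN if len(entry["offences"]) > 1 else SHORT_BAN
        entry["until"] = max(entry["until"], now + length)  # never shorten a ban
        self._save()
        return length

    def active_bans(self, now=None):
        """IPs whose ban has not expired; call at startup to re-create firewall rules."""
        now = time.time() if now is None else now
        return sorted(ip for ip, e in self.state.items() if e["until"] > now)
```

At startup, the output of `active_bans()` is what would be fed back into the firewall, which is the role `iptables-save` and `iptables-restore` play for the manually added rules mentioned in the thread.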