Neil Aggarwal wrote:
[snip]
> I probably need to clarify this question.
[snip]
No, you had it right the first time, basically it is as you stated. I also saw your question to the fail2ban list.

The "basic" configuration for DH only does one thing: protect sshd using tcp-wrappers. As has been answered, you can extend the protection using your own regular expressions; most of us use it for ftp protection, not much more. You also lose unban functionality with the second service (when a user enters the right password his error count is reset).

With fail2ban you get the concept of jails. The "basic" configuration has many such jails already installed so you can protect many services (pop3s was not one of them... but it's easy, I added a simple jail for UW IMAP and use it with pop3).

fail2ban does not currently have the distributed database (which is optional on DenyHosts). Some user has said he is going to implement it (or he already has something) but it is not something that exists today (and you can ask Phil Schwartz how much resources and maintenance it needs).

Jails also come with different variations: one uses tcp-wrappers, another iptables, and so on, with different ways to protect the service. I believe something similar can be done with DH but I've never needed it.

With both packages you can control things in detail, but while DH allows you to set 2 levels of protection (some accounts get the blocking faster, for instance trying root I only give the attacker one opportunity to test since root access is not allowed through ssh), fail2ban doesn't. On the other hand, there's only one set of configuration for all services in DH, while fail2ban has separate configurations and white-lists for each jail.

Both DenyHosts and fail2ban are very good, so the bottom line is which one is more convenient. I use both on different servers: one only needs ssh and ftp protection, while the other needs ssh, pop3, sendmail.
The DH database is a big plus if you don't want to see all the tries on your log (both packages are scan time based, so you get the 10 sec of attacker trying unless he is in the DB). Both are good even with distributed attacks (and those leave thousands of log entries but eventually repeat, so if your configuration is well made they are caught).

-- 
René Berber
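
Added example, not part of the original message and not DenyHosts or fail2ban code: a simplified Python sketch of the two behaviours the reply describes, a stricter failure threshold for root than for other accounts and a failure count that resets when the right password is entered. The function name `hosts_to_deny`, the threshold values and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (sample data, not from the original post).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Jan 10 03:12:05 host sshd[102]: Failed password for alice from 198.51.100.7 port 4002 ssh2
Jan 10 03:12:09 host sshd[103]: Failed password for alice from 198.51.100.7 port 4003 ssh2
Jan 10 03:12:15 host sshd[104]: Accepted password for alice from 198.51.100.7 port 4004 ssh2
Jan 10 03:12:20 host sshd[105]: Failed password for alice from 198.51.100.7 port 4005 ssh2
Jan 10 03:13:01 host sshd[106]: Failed password for invalid user admin from 192.0.2.9 port 4006 ssh2
Jan 10 03:13:02 host sshd[107]: Failed password for invalid user test from 192.0.2.9 port 4007 ssh2
Jan 10 03:13:03 host sshd[108]: Failed password for invalid user guest from 192.0.2.9 port 4008 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def hosts_to_deny(log_text, root_threshold=1, default_threshold=3):
    """Return source IPs to block, in the order they cross their threshold.

    Hypothetical helper: one failure counter per IP; the limit applied is
    chosen by the account named on the failing line (root is stricter).
    """
    failures = defaultdict(int)
    denied = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("ip") in denied:
            continue
        ip = m.group("ip")
        if m.group("result") == "Accepted":
            failures.pop(ip, None)  # right password: error count is reset
            continue
        failures[ip] += 1
        limit = root_threshold if m.group("user") == "root" else default_threshold
        if failures[ip] >= limit:
            denied.append(ip)
    return denied


if __name__ == "__main__":
    print(hosts_to_deny(SAMPLE_LOG))
```
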
