On Tuesday 17 July 2007, Dale Schuster wrote: > Richard Creighton <[EMAIL PROTECTED]> wrote on 07/17/2007 02:02:51 PM: > > Thanks to all that have endured this thread and to all that have > > contributed their ideas. BTW, I did install 'fail2ban' and it did > > execute but it never caught any attacks...so obviously I screwed up in > > configuration somehow even though I pointed the thing to the syslog-ng > > file as input, etc but it never reported either an error or an attack. > > I've been watching this thread and have had fail2ban in the back of my > mind. Is Fail2ban not necessary anymore with the "recent" addition to the > kernel. Is this the "new" way of doing things? Should fail2ban be > considered a workaround/hack/old technology? > > ~Dale
I don't thing F2B is needed any more once you get a working "recent" installed. Doing this in iptables is so much more efficient than all the other hacks I've seen, and since installing "recent" I never get any of these dictionary attacks in my logs. (Well ok, I see three hits then the site is dropped and I never see them again. They soon just give up and never try my site again, its very effective). Tempest in a teapot if you ask me. Dictionary attacks are never going to be successful at my sites anyway due to password standards. On some sites we don't even allow password, and insist on public key. -- _____________________________________ John Andersen -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
