Vreme: 12/07/2011 06:29 PM, Craig White piše:
On Dec 7, 2011, at 4:49 AM, Johnny Hughes wrote:
There is also use of denyhosts and fail2ban. They allow only few attempts from one IP, and all users can share attacking IP's (default is every 30 min) so you are automatically protected from known attacking IP's. Any downside on this protection?
No downside, and they do work.
I am a true believer and use denyhosts everywhere but to say there is no downside, that's not entirely true - I had a co-worker who was dyslexic, and you would be surprised how often he locked himself out ;-) Honestly, I don't know how he got a college degree in CIS being as dyslexic as he was.
hehehe. I whitelisted my internal IP's and other friendly IP's like other networks I maintain (and made secure :-) ).