Maybe he should go with a CentOS-based solution, because moving whatever services are on his box to a Smoothwall instance is going to be murder!
I would still suggest fail2ban. I have hundreds of attempts against my server farm all day, every day, and the fail2ban scripts really help to stop my services being tied up denying logins or crashing, because each IP only gets three strikes and is out, and that's across all servers. Also, my traffic logs are more accurate, and my average load dropped a bit too.
---
Kind Regards, Mr Gabriel (bberry mail)
-----Original Message----- From: "Sorin Srbu" <sorin.srbu@orgfarm.uu.se> Date: Tue, 25 May 2010 09:22:39 To: 'CentOS mailing list' <centos@centos.org> Subject: Re: [CentOS] [WTA] Automatically blocking on failed login
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Mr Gabriel Sent: Tuesday, May 25, 2010 9:34 AM To: CentOS mailing list Subject: Re: [CentOS] [WTA] Automatically blocking on failed login
That depends on what he has on the current machine(s). YMMV, as always. 8-)
Hi All, sorry for the long answer. I would like to use CentOS for all of it. I have a transparent firewall (CentOS + iptables) and I want to use it as a filter. I've been using iptables on the server machine (not on the transparent firewall), and I want to get the job done by the firewall. Is it possible for my firewall to do this task while the computer being attacked is a different one?
--
Best regards, David
http://blog.pnyet.web.id
On Tue, 25 May 2010, David wrote:
Sort of, yes. After some investigation and thought, I decided to protect my SSH servers with rate-limiting, using iptables.
Rate-limiting doesn't care whether a login succeeded or failed; it just detects repeated attempts to connect from the same source address to the same destination port, and blocks any past the first two in a rolling 60-second window (both parameters are of course configurable). This makes it suitable for use on the firewall rather than the endpoint, and I suspect it can be extended to IMAP and similar services (though mail clients that wish to continually make new connections rather than keeping existing ones open and reusing them will run into problems).
For sshd, analysis of last week's logs shows that the number of connection attempts rejected this way each day varies from 2,200 to 82,000, while the number of failed logins on sshd varies daily from 2 to 25, so you can see that this is somewhere between 99% and 99.997% effective at preventing people from getting as far as a password-guessing attack. Server load has *substantially* decreased.
If this is of interest to you, I wrote the details up at http://www.teaparty.net/technotes/ssh-rate-limiting.html .
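The rolling-window check described above, as an added example that is not from the thread or from Tom's write-up: a small Python model of the iptables `recent` match run over constructed connection timestamps, so the behaviour can be checked before putting the rules on a transparent firewall. The rule pair in the comment, the list name "SSH" and the use of the FORWARD chain are assumptions.

```python
# Added example (not from the thread or Tom's write-up): a simplified model of
# the iptables "recent" match, to see how the per-source rolling window behaves
# before deploying it on a transparent firewall's FORWARD chain. The rule pair
# being modelled (list name "SSH" and the FORWARD chain are assumptions):
#   iptables -A FORWARD -p tcp --dport 22 -m state --state NEW \
#       -m recent --name SSH --set
#   iptables -A FORWARD -p tcp --dport 22 -m state --state NEW \
#       -m recent --name SSH --update --seconds 60 --hitcount 3 -j DROP
from collections import defaultdict, deque

WINDOW = 60    # --seconds
HITCOUNT = 3   # --hitcount: the third NEW connection inside the window is dropped
LIST_TOT = 20  # xt_recent keeps at most ip_pkt_list_tot stamps per address


class RecentMatch:
    """Per-source timestamp list, as xt_recent keeps it (simplified)."""

    def __init__(self, window=WINDOW, hitcount=HITCOUNT, list_tot=LIST_TOT):
        self.window, self.hitcount = window, hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=list_tot))

    def new_connection(self, src, now):
        """Verdict for a NEW connection from src at time now (seconds)."""
        stamps = self.stamps[src]
        stamps.append(now)  # --set records every attempt, accepted or not
        # --update: count stamps inside the rolling window, this one included.
        # Login success is never consulted, which is why this works on the
        # firewall rather than on the host being attacked.
        hits = sum(1 for t in stamps if now - t <= self.window)
        return "DROP" if hits >= self.hitcount else "ACCEPT"


def simulate(events):
    """events: (time, src) NEW connections in time order -> list of verdicts."""
    m = RecentMatch()
    return [m.new_connection(src, t) for t, src in events]


# Constructed traffic: a password-guessing host, a legitimate admin opening
# three sessions in one minute, and the guesser returning after a quiet spell.
GUESSER, ADMIN = "198.51.100.7", "203.0.113.4"
SAMPLE = [(0, GUESSER), (5, GUESSER), (9, GUESSER), (12, GUESSER),
          (20, ADMIN), (25, ADMIN), (28, ADMIN),
          (55, GUESSER), (100, GUESSER), (105, GUESSER)]

if __name__ == "__main__":
    for (t, src), verdict in zip(SAMPLE, simulate(SAMPLE)):
        print(f"t={t:3d} {src:13} {verdict}")
```

Note that the admin's third session at t=28 is dropped too, and that the dropped attempt at t=55 still counts against the guesser at t=105: any attempt, accepted or not, keeps the window alive, which is exactly the problem Tom anticipates for mail clients that open a fresh connection every time.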
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Tom Yates Sent: Tuesday, May 25, 2010 11:19 AM To: CentOS mailing list Subject: Re: [CentOS] [WTA] Automatically blocking on failed login
If this is of interest to you, I wrote the details up at http://www.teaparty.net/technotes/ssh-rate-limiting.html .
Nice!