[CentOS] bruteforce protection howto

Mon Mar 22 16:04:26 UTC 2010
Ray Leventhal <centos at swhi.net>

On 3/20/2010 6:35 PM, Larry Brower wrote:
> Larry Vaden wrote:
>    
>> <snip>
> +1
>
> You might also look at APF + BFD as it works as well. Both solutions
> are intended for the server and not for a remote host, however you
> could probably work around this with a small shell script.
>
> This does beg the question, why are you wanting to ban the IPs on the
> router box as opposed to the machine being targeted? The whole point
> of a router is to route traffic, not enforce firewall policy. This
> would be better handled by a firewall of all things, be it a hardware
> appliance (ASA, PIX, Juniper HSC) or iptables on the machine itself.
> You might keep in mind that the more firewall rules you add to the
> router the slower the network will become as all packets have to be
> checked against all rules. Just my opinion ;)
>
>    
I'm rather fond of the apf + bfd [1] solution and use it regularly on RH 
and CentOS systems.

Both are available here but sadly no rpm(s) that I've found.  Both are 
rather easy to deploy...the bfd part is simply a cron job telling bfd 
how frequently to scan for failed logins by service.
Service-level failed attempts are configurable...all in all a nice set 
of utilities.

HTH,
-Ray

[1] http://www.rfxn.com/projects/