On 6/17/2014 19:35, Chuck Campbell wrote: > I haven't done the load stats, but it appears > to me that a hundred of these crackers hitting my machine at these rates is > likely to deny my legit users some resources. So increase the fail2ban time from the default (5 minutes, as I recall) to 1 hour, or 1 day. > Besides, just because the odds are against you, sometimes luck is all it takes. That sort of thinking is why governments have started to levy taxes on people who are bad at math. (i.e. lotteries) Some risks simply aren't worth worrying about. Go play with the haystack calculator I linked from my previous email. If 8 random printable ASCII characters doesn't make you sleep well at night, make it nine. Now the attack space is about 2 orders of magnitude larger. If the risk with 8 was "sometime in my career, which cannot stand a single breach," the risk with 9 becomes "sometime after I have shuffled off this mortal coil."