[ProgSoc] Fail2Ban

Noah O'Donoghue noah.odonoghue at gmail.com
Mon Apr 12 20:26:48 EST 2010


Not really knowing the specifics of fail2ban (yet) I'm just wondering if the
brute force attempts are coming from different ips?

 

I know some botnets have evolved around fail2ban by doing a distributed
attack that will try only a few passwords from each host. 

 

From: progsoc-bounces at progsoc.org [mailto:progsoc-bounces at progsoc.org] On
Behalf Of Simon Pearce
Sent: Monday, 12 April 2010 2:19 PM
To: progsoc at progsoc.org
Subject: [ProgSoc] Fail2Ban

 

Hi Progsoc

I am after some help with fail2ban. I have it installed on a hosted VM. 

I see progsoc has it installed as well so I thought I would post here and
google isn't turning up any answer.

I am having a problem fail2ban appears to be banning some ip addresses but
when I look at my auth.log there are a lot more brute force ssh attacks that
aren't being blocked. I find this odd how it is intermitent. As it appears
to be working to some degree.

I am running debain lenny 32bit.

My fail2ban.log and my jail.conf are attached

Thanks

-Simon

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://progsoc.org/pipermail/progsoc/attachments/20100412/893c5f33/attachment.htm 


More information about the Progsoc mailing list