Douglas Muth on 22 Mar 2009 18:48:56 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Fail2ban (was: Re: 'logcheck')


On Sun, Mar 22, 2009 at 8:19 PM,  <bergman@merctech.com> wrote:
>
> => process started the daemon, and 6 login attempts later, all traffic
> => from that host was dropped via iptables.
>
> Six login attempts? You're very generous. I ban hosts after 3 attempts. I
> also changed the banned period from the default to one hour.

Just to clarify, 6 attempts is the default config for fail2ban in Ubuntu 8.04.

If I had to guess, the number is 6 because each attempt to ssh in
allows the user 3 tries.  And I know I've exceeded 3 tries before when
I thought I was logging into a different machine, for example.

(Then I started using SSH keys and that was no longer a problem :-)

-- Doug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug