Fred Stluka on 24 Aug 2018 15:29:11 -0700


Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...


Rich,

If you have even one service that allows passwords, it's vulnerable
to a brute force attack.  The difference between 3 and 3 trillion
attempts in 10 minutes is huge.  No one's going to guess a good
password in 3 tries.

Also, the fact that they get blocked after 3 tries tells them I have
active security measures like fail2ban in place, and encourages
them to move on to an easier target.

From the old joke:  "I don't have to run faster than the bear;
only faster than you."

--Fred
------------------------------------------------------------------------
Fred Stluka -- Bristle Software, Inc. -- http://bristle.com
#DontBeATrump -- Make America Honorable Again!
------------------------------------------------------------------------

On 8/17/18 8:08 PM, Rich Freeman wrote:
On Fri, Aug 17, 2018 at 7:38 PM Rachel plays Linux <rachelneko@gmail.com> wrote:
Maintaining a home firewall and a commercial server are way different. At work I can't simply ban by country, though I can block some entire ISPs.

At home I lock out damn near everything.

While it doesn't hurt to block CN from home, I don't run fail2ban.  If
having 3 attempts vs having 3 trillion attempts at my service makes
any difference at all, then my service is broken.

Sure, blocking might help protect against zero days.  I doubt fail2ban will.


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug