fail2ban – Page 3 – WindowsTechs.com

Is something like fail2ban necessary for a rate-limited key-only (no password) ssh login?

Posted on July 11, 2018 by Yogesch

As far as I understand, bruteforcing ssh is only attempted for passwords, not keys (barring edge cases where presumably the NSA wants to break in).

So if a server has disabled (in addition to root login) password authentica… Continue reading Is something like fail2ban necessary for a rate-limited key-only (no password) ssh login?→

Increasing fail2ban ban time with each attempt

Posted on May 23, 2018 by rec

I haven’t really found any way to do this – I have seen a few issues on the github dealing with it but nothing in the wiki indicating it exists.

Right now I have a problem, a set of 3 IP addresses are clobbering my SSHD. It’s secure, no b… Continue reading Increasing fail2ban ban time with each attempt→

Does blocking an IP with IP Tables protect you from a DOS (not DDOS) attack?

Posted on January 30, 2018 by Jon Ferguson

I am fairly new to network security, and I just learned about the Fail2Ban framework you can use for automated exploit detection/prevention. It says that you can protect yourself from DOS attacks by setting up a rule that wil… Continue reading Does blocking an IP with IP Tables protect you from a DOS (not DDOS) attack?→

Is it possible to filter ports with fail2ban?

Posted on January 6, 2018 by Arcticooling

Is it possible to filter ports with fail2ban (22, 80, 433, 933, 9000)?

With the “rival” software CSF-LFD it is indeed possible, but I’m not sure it’s possible with fail2ban.

By filtering them I mean to lock them – no one co… Continue reading Is it possible to filter ports with fail2ban?→

How should output of fail2ban postfix-sasl look like

Posted on August 31, 2017 by Aleksandar Pavić

I want to be sure that fail2ban is properly banning failed postfix SASL login attempts.

When I do iptables -L I can see list of banned hosts for SSHD, but I can’t figure out a way to see banned hosts for SASL.

postfix SASL… Continue reading How should output of fail2ban postfix-sasl look like→

Blocking slowloris using fail2ban, what are the correct parameters?

Posted on April 7, 2017 by Alexis Wilke

I have a fail2ban rule for Apache2 logs that which looks like this:

[Definition]
failregex = ^[^ ]+ <HOST> .* \[\] “[^\”]*” 408 \d+

This will detect the 408 errors which happen when a TCP connection times out.

The f… Continue reading Blocking slowloris using fail2ban, what are the correct parameters?→

UFW behind modem does not block remote IP

Posted on March 15, 2017 by Sencer H.

I have a small linux server with fail2ban and UFW installed and configured behind internet gateway modem which ssh port is forwarded to server.

The attackers are discovering by fail2ban and added to iptables and information … Continue reading UFW behind modem does not block remote IP→