Overview
Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form |
AdamS 86 Posts Nov 29th 2012 |
Thread locked Subscribe |
Nov 29th 2012 8 years ago |
I see a lot of attempts against my SSH server. Very thankful for fail2ban http://en.wikipedia.org/wiki/Fail2ban
I have it configured for 1 try and 10 minute ban. |
PaulOutBox 7 Posts |
Quote |
Nov 30th 2012 8 years ago |
fail2ban already has a dshield "action" that can be used to report scans. Please enable it (see the dshield.conf file that comes with fail2ban for details). With fail2ban, you don't get passwords, but you still get the source IP that is reported to Dshield as a "port 22 portscan").
|
Johannes 4045 Posts ISC Handler |
Quote |
Nov 30th 2012 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!