Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Nov 2012 18:46:17 -0600 (CST)
From:      Robert Bonomi <bonomi@mail.r-bonomi.com>
To:        alexmiroslav@gmail.com, freebsd-questions@freebsd.org
Subject:   Re: denyhosts, fail2ban, or something else?
Message-ID:  <201211280046.qAS0kHYK005858@mail.r-bonomi.com>
In-Reply-To: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> From owner-freebsd-questions@freebsd.org  Tue Nov 27 16:26:46 2012
> Date: Tue, 27 Nov 2012 17:25:08 -0500
> Subject: denyhosts, fail2ban, or something else?
> From: Aleksandr Miroslav <alexmiroslav@gmail.com>
> To: freebsd-questions@freebsd.org
>
> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.

The single most effective method of reducng such log 'noise' is to run sshd
on a non-standard port.  Does NOT provide any added security; DOES reduce
the noise.  virtually _100%_effective_ at noise reduction.

fail2ban is painlesss to install/configure.  Helps with repeat stuff from
he same source.  Not much help with 'distributed' sources.  I've used it,
found "non-standard port" to be 'good enough for me'.





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?201211280046.qAS0kHYK005858>