Re: [opensuse] dictionary attacks



* Benji Weber <b.weber@xxxxxxxxxxxxx> [07-16-07 05:04]:
set the following line

FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=120,recentname=ssh"

in /etc/sysconfig/SuSEfirewall2 This will limit to a maximum of 3
attempts per 120s.

This works *very* well, even better than fail2ban, imo. Is there a
similar line that will effect the same on postifx attempts rather than
using fail2ban?

tks,
--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx



Relevant Pages

  • Re: [opensuse] can not start fail2ban -SOLVED
    ... it needs python-devel package to work. ... Then you sould make a bug report against the fail2ban package stating ... To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx ... For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx ...
    (SuSE)
  • Re: [opensuse] block failed ssh login attacks? (like fail2ban on ubuntu)
    ... I use fail2ban to look for this kind of ... harassment and block the IP for some amount of time. ... To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx ... For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx ...
    (SuSE)
  • Re: iptables question
    ... in computers, little in Linux) and don't understand everything. ... I think from the docs that fail2ban will do what I need. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
    (Debian-User)
  • Re: POSSIBLE BREAK-IN in auth.log via ssh
    ... your sshd server, try fail2ban ... I used to blacklist all those in my firewall. ... My advice is to install fail2ban. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Re: Debian SSH server configuration
    ... That almost goes away with fail2ban. ... Yeah, but as alluded to by the post I was replying to - letting the ... That way you waste the attackers time and prevent ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)