Questions tagged [fail2ban]

Fail2ban is a program designed to scan server log files and ban IP addresses suspected of malicious activity.

21 questions
0 votes, 0 answers

How does fail2ban et al deal with the IP neighbourhood of badly behaving IPs?

Please note, I'm looking more for established documented best-practice rather than personal opinion in this question. I'm also not interested in Fail2Ban specifically but the class of technologies that Fail2Ban is a member of. Fail2Ban et al track…
billpg
0 votes, 1 answer

Limiting number of combo attempts with Fail2ban and 128 bits of entropy

Apps such as Fail2ban and DenyHosts enable Unix administrators to limit username/password combo attempts to typically 3 attempts. But why 3? Some admins enable more, like 6 or 8, giving honest users a little more slack when making different attempts…
Angeles89
0 votes, 1 answer

Is fail2ban an intrusion prevention system?

I know what fail2ban does; it monitors the firewall logs and finds IP addresses that have too many failed logins to SSH; and then tells the firewall to drop packets from those addresses. So is fail2ban an IPS?
leeand00
0 votes, 1 answer

Increasing fail2ban ban time with each attempt

I haven't really found any way to do this - I have seen a few issues on the GitHub dealing with it but nothing in the wiki indicating it exists. Right now I have a problem, a set of 3 IP addresses are clobbering my SSHD. It's secure, no big deal -…
user178749
0 votes, 0 answers

sshd login obfuscation by prompting for a password although password login is disabled?

The sshd.config and fail2ban both work by blocking authentication requests over a specified path, thus notifying the attacker about the protection measures in place. Wouldn't it be more desirable to not give any information to the attacker? SSH:…
Senkaku
-1 votes, 1 answer

ssh login attempts still showing up even with password login disabled?

I switched all my servers to SSH publickey login and disabled password login about a week ago (root login IS still enabled). I also run Fail2ban and logwatch. Why are there still login attempts showing up in the logs? I admit the number of attempts…
Jason Croyle