[Techtalk] How to block ports
Maria Pinjanainen
maria at tietonoita.fi
Sat May 17 20:16:27 UTC 2008
Erin Kolp wrote:
> On the subject of IPTables and all that good stuff.. :)
>
> You may want to look into Fail2Ban -- A set of Python scripts that
> constantly checks log files for failed authentications on ports/
> services you define. When a number of failed attempts is reached,
> Fail2Ban automatically blocks the remote host using IPTABLES and
> emails you a brief summary.
>
> http://www.fail2ban.org/wiki/index.php/Main_Page
>
> I've been using it for a couple of months and have had no issues with
> it. See below for one of the ftp ban reports.
>
> Hope this helps! :)
>
> -Erin
>
>
Denyhosts; *denyhosts*.sourceforge.net/ is quite nice tool, too. Similar
than that. It just blocs ip-adders out, writes it into hosts.deny, if
someone tries to log into host and fails too many times... Easy to
install and, for example the defaults are quite usable in Debian. The
default setup works with ssh-login. I have not used it for other
services, because ssh just what I need.
-m-
More information about the Techtalk
mailing list