2007/07/02

Fail2ban

Every system administrator is sick of brute force attacks on sshd and ftp daemons. There can be hundreds of thousands of login attempts using random user names and guessed passwords. Changing the default listening port numbers will not help, as nmap can scan and pinpoint a particular service on a non-standard port.

This is what I have suffered for the past 5 years. With the help of fail2ban, it is time to say no to brute force attacks. Fail2ban extracts offending IP addresses from system log files and passes them to iptables, which denies them further access. Here is my fail2ban log after it detected 5 FTP brute force login attempts and banned the IP address.

2007-07-02 20:07:28,345 WARNING: Restoring firewall rules...
2007-07-02 20:08:13,773 WARNING: vsFTPD: Ban 219.77.22.254
2007-07-02 20:18:14,735 WARNING: vsFTPD: Unban 219.77.22.254

The default config bans an offending IP address for 600 seconds and then releases it. System administrators can change the config to ban offending IP addresses permanently.
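To show the mechanism behind the log above and the ban/unban timing, here is an added Python example (not fail2ban's own code and not part of the original post). It applies the same rule fail2ban uses, maxretry failures from one source within findtime seconds triggers a ban that is lifted after bantime seconds, to constructed vsftpd-style log lines, and it reproduces the post's timeline: a ban at 20:08:13 and an unban at 20:18:14. The iptables commands it builds follow the shape of fail2ban's default iptables action, but the chain name fail2ban-vsftpd, the parameter defaults and the sample log lines are assumptions made for this example, and the script only builds the commands instead of running them.

```python
"""Toy fail2ban-style jail: count failed FTP logins per source IP and decide
when to ban and unban. Added example, not fail2ban's own code."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed vsftpd-style log lines (not real traffic; 192.0.2.0/24 is the
# documentation address range). The line shape follows vsftpd's "FAIL LOGIN".
SAMPLE_LOG = """\
Mon Jul  2 20:07:30 2007 [pid 2271] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Jul  2 20:07:41 2007 [pid 2273] [root] FAIL LOGIN: Client "192.0.2.10"
Mon Jul  2 20:07:52 2007 [pid 2275] [test] FAIL LOGIN: Client "192.0.2.10"
Mon Jul  2 20:07:59 2007 [pid 2277] [ftp] FAIL LOGIN: Client "192.0.2.20"
Mon Jul  2 20:08:04 2007 [pid 2279] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Jul  2 20:08:13 2007 [pid 2281] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Jul  2 20:18:14 2007 [pid 2301] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Jul  2 20:30:00 2007 [pid 2310] [ftp] FAIL LOGIN: Client "192.0.2.20"
Mon Jul  2 20:30:10 2007 [pid 2312] [ftp] FAIL LOGIN: Client "192.0.2.20"
Mon Jul  2 20:30:20 2007 [pid 2314] [ftp] FAIL LOGIN: Client "192.0.2.20"
Mon Jul  2 20:30:30 2007 [pid 2316] [ftp] FAIL LOGIN: Client "192.0.2.20"
"""

# Matches only failed logins; anything else is ignored, as a fail2ban filter would.
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) '
    r'\[pid \d+\] \[[^\]]*\] FAIL LOGIN: Client "(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"$'
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def ban_command(ip, jail="vsftpd"):
    # Shape of fail2ban's default iptables action; the chain name is assumed.
    return f"iptables -I fail2ban-{jail} 1 -s {ip} -j DROP"


def unban_command(ip, jail="vsftpd"):
    return f"iptables -D fail2ban-{jail} -s {ip} -j DROP"


class Jail:
    """maxretry failures within findtime seconds => ban for bantime seconds
    (a negative bantime means a permanent ban, as in fail2ban)."""

    def __init__(self, maxretry=5, findtime=600, bantime=600):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = None if bantime < 0 else timedelta(seconds=bantime)
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned = {}                    # ip -> time the ban was applied
        self.actions = []                   # (time, "Ban"/"Unban", ip, command)

    def expire_bans(self, now):
        """Lift bans older than bantime. fail2ban does this on a timer; here
        the log timestamps drive the clock (a simplification)."""
        if self.bantime is None:
            return
        for ip, since in list(self.banned.items()):
            if now - since >= self.bantime:
                del self.banned[ip]
                self.actions.append((now, "Unban", ip, unban_command(ip)))

    def feed(self, line):
        """Process one log line; return the IP if this line caused a ban."""
        m = FAIL_RE.match(line)
        if not m:
            return None
        now = datetime.strptime(m.group("ts"), TS_FORMAT)
        ip = m.group("ip")
        self.expire_bans(now)
        if ip in self.banned:
            return None  # already blocked at the firewall
        window = self.failures[ip]
        window.append(now)
        while now - window[0] > self.findtime:  # forget failures outside findtime
            window.popleft()
        if len(window) >= self.maxretry:
            window.clear()
            self.banned[ip] = now
            self.actions.append((now, "Ban", ip, ban_command(ip)))
            return ip
        return None


def process_log(lines, **jail_params):
    """Run a jail over log lines; return [(time, action, ip)] in order."""
    jail = Jail(**jail_params)
    for line in lines:
        jail.feed(line)
    return [(ts.strftime("%Y-%m-%d %H:%M:%S"), act, ip)
            for ts, act, ip, _ in jail.actions]


if __name__ == "__main__":
    for ts, action, ip in process_log(SAMPLE_LOG.splitlines()):
        print(f"{ts} WARNING: vsFTPD: {action} {ip}")
```

Running it with the defaults prints a Ban at 20:08:13 and an Unban at 20:18:14 for 192.0.2.10, while 192.0.2.20 is never banned because its first failure falls outside the 600-second findtime window; pass bantime=-1 to see the permanent ban the post mentions (no Unban line).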

This is one of the security tools I highly recommend.
