| 1 |
On Thu, Feb 28, 2008 at 11:13:10AM +0000, Penguin Lover Steve squawked: |
| 2 |
> Thanks for all your suggestions... |
| 3 |
> |
| 4 |
> I will look into fail2ban... that might be what I need... While I could |
| 5 |
> crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this |
| 6 |
> (AFAIK) will not persist blocks when the server is powered down or rebooted. |
| 7 |
|
| 8 |
Hum, that is interesting. I haven't played with blacklist.py, but if |
| 9 |
it runs on top of iptables, the iptables init script *should* save the |
| 10 |
current config when powering down. I sort of depended on that when I |
| 11 |
cobbled together a perl script 2 years ago to parse the sshd log and |
| 12 |
ban sites using iptables. |
| 13 |
|
| 14 |
Also, I would not suggest banning forever. I started with the same |
| 15 |
mentality as you and coded as such. I switched quickly to banning for |
| 16 |
1 hour when once, due to not noticing the caps-lock light, I banned my |
| 17 |
work computer completely... After switching to the 1 hour ban, I did a |
| 18 |
small experiment and saved about 2 months worth of logs. Not a single |
| 19 |
ip address has been banned more than once (but there were several /24 |
| 20 |
in Korea, Taiwan, and Mexico that have many ip addresses banned). |
| 21 |
Based on this, I don't think it is strictly necessary to ban forever. |
| 22 |
|
| 23 |
Just my 2 cents. |
| 24 |
|
| 25 |
W |
| 26 |
-- |
| 27 |
Santa's helpers are subordinate clauses. |
| 28 |
Sortir en Pantoufles: up 447 days, 14:37 |
| 29 |
-- |
| 30 |
gentoo-user@l.g.o mailing list |
Archives