Hello,

I am running fail2ban on my servers to block unauthorized logins over
SSH. Now the attackers try to use different usernames only once from the
same IP. This looks like the following:

    127.0.0.1 : 13 times
       aaron: 1 time
       admin: 1 time
       arbab: 1 time
       brody: 1 time
       db2inst1: 1 time
       frontrow: 1 time
       michael: 1 time
       openerp: 1 time
       openfiler: 1 time
       squid: 1 time
       support: 1 time
       webmaster: 1 time
       zachary: 1 time

Is there a way to block these attacks using fail2ban? Currently I block
10 failed logins for five minutes, but this applies only to one username
failing multiple logins.

Thank you

Alfred Egger
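
The pattern in the post above (many usernames, one failed login each, all from one source address) shows up when failures are counted per source IP and the username is ignored. The sketch below is an added example, not part of the original post and not fail2ban code. It assumes OpenSSH's "Failed password" syslog line; the thresholds, helper names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH failure line; "invalid user" is present when the account does not exist.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def find_offenders(lines, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: sorted usernames} for IPs with >= max_failures failed
    logins inside `window`, no matter which usernames were tried."""
    recent = defaultdict(deque)   # ip -> (time, user) failures still in window
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins, other daemons, noise
        # syslog has no year; a fixed one is assumed so intervals can be compared
        when = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append((when, m["user"]))
        while when - q[0][0] > window:   # expire failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders.setdefault(m["ip"], set()).update(u for _, u in q)
    return {ip: sorted(users) for ip, users in offenders.items()}

def _line(ts, user, ip, valid=False):
    """Build one constructed sample log line (hypothetical host and PID)."""
    who = user if valid else f"invalid user {user}"
    return (f"Jan 10 {ts} host sshd[4242]: Failed password for {who} "
            f"from {ip} port 50522 ssh2")

# Constructed sample data: a fast username sweep, a real user mistyping a
# password twice, and a slow sweep with one attempt every two hours.
SAMPLE = (
    [_line(f"03:14:{i:02d}", u, "203.0.113.7") for i, u in
     enumerate(["aaron", "admin", "arbab", "brody", "squid", "support"])]
    + [_line(f"09:00:{s}", "alice", "198.51.100.20", valid=True)
       for s in ("05", "20")]
    + [_line(f"{h:02d}:30:00", u, "192.0.2.44") for h, u in
       zip(range(10, 20, 2),
           ["db2inst1", "openerp", "michael", "zachary", "webmaster"])]
)

if __name__ == "__main__":
    for ip, users in find_offenders(SAMPLE).items():
        print(f"{ip}: {len(users)} usernames tried: {', '.join(users)}")
```

With the default ten-minute window the slow sweep from 192.0.2.44 goes unnoticed; it is flagged only when the window is widened, which is the trade-off between catching low-rate attempts and keeping state for longer.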

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
