pandog | 2 years ago
To tptacek's point, you've got to ask yourself: is a denial of service attack in your threat model?
The reality is most folk set up fail2ban after seeing auth failures in their logs, not service degradation.
If you're considering a denial of service attack in your threat model, then I'd probably also consider a DDoS attack and there are likely more effective solutions here (a firewall or CDN).
And don't forget you're using some of those precious CPU cycles to parse the auth logs, with Python no less :-)
_vOv_|2 years ago
You can ship the log somewhere else, do the fail2ban there and perform the block action in another place up the stack.
inferiorhuman|2 years ago