Hacker News

If all you're worried about is keeping the low-level noise out of your logs and discouraging waste of resources on brute-force attacks (which won't work because of course password auth is disabled), I think it's sufficient to use the built-in iptables rate-limit feature on SYN packets.

UFW has a feature that will implement this with a limit of 6 SYN packets in 30 seconds from individual IPs.

    ufw limit ssh/tcp
This may not be ideal for some services like http without persistent connections, and if fail2ban provides extra exploit protection it could be worthwhile.
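A small model of what the limit described above does, added here as an illustration and not code from ufw, the kernel or the commenter: a per-source sliding window that denies a NEW connection attempt once a source has made 6 attempts within 30 seconds, while packets of already established flows pass untouched. The window length, the threshold and the sample traffic are assumptions for the example; the real xt_recent match has more detail than this.

```python
"""Simplified model of the per-source SYN rate limit that `ufw limit ssh/tcp`
installs (iptables xt_recent: 6 NEW connection attempts per source in 30 s).
Constructed illustration; not ufw's or the kernel's code. The rules ufw adds
are roughly (check with `ufw show raw` on your own host):
  -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
  -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update \
      --seconds 30 --hitcount 6 -j DROP
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 30   # --seconds 30 (assumed, matches ufw's default limit rule)
HITCOUNT = 6          # --hitcount 6


class SynRateLimiter:
    """Per-source sliding window over connection attempts (NEW state only)."""

    def __init__(self, window=WINDOW_SECONDS, hitcount=HITCOUNT):
        self.window = window
        self.hitcount = hitcount
        self.seen = defaultdict(deque)   # src -> timestamps of recent attempts

    def decide(self, ts, src, state="NEW"):
        """Return 'ACCEPT' or 'DROP' for one packet. Only NEW connection
        attempts (SYNs) are counted; packets of established flows pass."""
        if state != "NEW":
            return "ACCEPT"
        stamps = self.seen[src]
        stamps.append(ts)                        # --set: record this attempt
        while ts - stamps[0] > self.window:      # forget attempts outside the window
            stamps.popleft()
        # --update --hitcount 6: deny once 6 or more attempts sit inside the window.
        # Dropped attempts are recorded too, so a source that keeps retrying
        # stays blocked until it backs off for a full window.
        return "DROP" if len(stamps) >= self.hitcount else "ACCEPT"


def run(packets, limiter=None):
    """Apply the limiter to (timestamp, src, state) tuples; returns verdicts."""
    limiter = limiter or SynRateLimiter()
    return [limiter.decide(ts, src, state) for ts, src, state in packets]


# Constructed sample traffic (documentation-range addresses): one source
# hammering port 22 once per second, one ordinary client, then the noisy
# source again after the window has expired.
SAMPLE = [(t, "198.51.100.7", "NEW") for t in range(7)]          # 7 SYNs in 7 s
SAMPLE += [(3, "192.0.2.10", "NEW"), (4, "192.0.2.10", "ESTABLISHED")]
SAMPLE += [(45, "198.51.100.7", "NEW")]                           # window expired

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(pkt, "->", verdict)
```

The 6th and 7th attempts from the noisy source are dropped, the other client is never affected, and the same source is accepted again once 30 seconds have passed without attempts.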



This is a much better answer than, "If you're using fail2ban for that reason, you don't know what you're doing," as someone said to me recently, so thank you. :-) I'll explore replacing fail2ban with this mechanism.


I don't think he means replacing fail2ban, but augmenting it with this.



