There is an extremely valuable proactive reason. If you detect portscans or attacks or abuses on one of your network devices, you might wish to proactively share that info with the rest of your servers or devices.
The good thing about open source software is that the software does not specify WHY you should use it, or HOW. You can modify it to your needs. A user has a need, and he found a tool to fulfill that need in fail2ban. I support that. But I do ALSO support the excellent points Perry is making! This is a valuable discussion.

On Tue, Jan 5, 2016 at 11:23 AM, Perry E. Metzger <pe...@piermont.com> wrote:

> On Tue, 5 Jan 2016 09:09:22 -0500 Alex <mysqlstud...@gmail.com> wrote:
> > I agree with what you've said from the perspective of a security
> > professional and a "good Internet neighbor". However, we have a
> > default-deny policy on our firewall.
>
> That's your decision and there's nothing wrong with it as such.
> However, you said:
>
> "I can't think of any reason a legitimate attempt would be made to
> communicate with that address"
>
> and there are plenty of entirely legitimate reasons for scanning.
> There is no reason to be disturbed by scanning per se.
>
> Regardless, if you already have a firewall policy you feel
> comfortable with and it blocks everything by default (which is
> entirely reasonable), there's no need to use fail2ban to prevent
> scanning. The real function of fail2ban is to prevent abuse of ports
> that you are leaving open for some good reason (say ssh or smtp
> submission).
>
> Perry
> --
> Perry E. Metzger pe...@piermont.com
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users