On 30.11.2012 12:07, Tomas Macek wrote:
> Fail2ban looks good, I will try it. But I'm worrying about too many
> filter rules in fail2ban chain, that could lead to slowing down the
> whole machine. The force attacks are often really brute and the IPs of
> the clients change often also. But this could be a good way...

fail2ban is not very heavyweight with ipset
however most brute force attacks are running against pop3 and imap these days
not submission

what I had was, fail2ban log parsing was too slow with millions of bot
connections on port 25

so I wrote a mail syslog parser script
reading directly from a syslog pipe, grep and echo the bot IP into e.g. the
iptables recent module

you may do it like this with brute force IPs too

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the Supervisory Board: Joerg Heidrich

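The approach described in the reply above (read mail log lines from a syslog pipe, pick out the client IP, write it to an iptables recent list), as an added sketch that is not Robert Schetterer's script. The log line patterns, the FIFO path, the list name `mailbots`, the allowlist and the thresholds in the iptables rule are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the post. Assumptions: syslog writes
# mail.* to the FIFO (rsyslog: "mail.* |/var/run/mail-syslog.fifo") and this
# rule, loaded first so the list file exists, does the thresholding:
#   iptables -I INPUT -p tcp -m multiport --dports 25,110,143 -m recent \
#     --name mailbots --rcheck --seconds 600 --hitcount 5 -j DROP
FIFO=${FIFO:-/var/run/mail-syslog.fifo}       # assumed path
LIST=${LIST:-/proc/net/xt_recent/mailbots}    # assumed list name

# Print the client IPv4 address of a failed login line, or nothing.
extract_ip() {
    ip4='[0-9]{1,3}(\.[0-9]{1,3}){3}'
    printf '%s\n' "$1" | sed -n -E \
        -e "s#.*postfix/smtpd.*\[($ip4)\]: SASL [A-Z0-9-]+ authentication failed.*#\1#p" \
        -e "s#.*dovecot: .*auth failed.*rip=($ip4).*#\1#p"
}

# Addresses that must never be blocked (assumed: loopback and own LAN).
is_allowed() {
    case "$1" in
        127.*|10.*|192.168.*) return 0 ;;
        *) return 1 ;;
    esac
}

# One write of "+addr" adds the address or records another hit for it.
record_hit() { printf '+%s\n' "$1" > "$LIST"; }

process_line() {
    ip=$(extract_ip "$1")
    [ -n "$ip" ] || return 0
    is_allowed "$ip" && return 0
    record_hit "$ip"
}

# Start with "sh mailbots.sh run"; reopen the FIFO if syslog closes it.
if [ "${1:-}" = "run" ]; then
    [ -p "$FIFO" ] || { echo "no FIFO at $FIFO" >&2; exit 1; }
    while :; do
        while IFS= read -r line; do
            process_line "$line" || echo "write to $LIST failed" >&2
        done < "$FIFO"
    done
fi
```

Because the hit counting happens in the kernel list, the script adds no iptables rules per address, which keeps the chain at a single rule however many clients are listed. The greedy match takes the last `rip=` on a Dovecot line, so a `rip=` string placed in the username field does not choose which address is recorded.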