System: fail2ban and iptables
source: http://www.the-art-of-web.com/system/fail2ban/
Around the beginning of 2005 we saw an increase in brute-force ssh attacks – people or robots trying different combinations of username and password to log into remote servers. A quick search on this topic returns many references to iptables and ipchains but noone really explained how they work.
Having just gone through this learning curve myself, and found a satisfactory solution in the fail2ban package, I’m going to try and explain how to achieve the simple goal of banning IP addresses that make repeated failed ssh login attempts.
If you want more technical information regarding firewalls and iptables in particular, see the References section at the bottom of this page. Lire la suite…