
Re: successor for denyhosts?




On Saturday, 9 March 2019, 11:22:45 CET, mj wrote:
Hi MJ, 

that is a good point, that only services which are using hosts.deny are
blocked. For the other ports I am using tools like portsentry and
hostsentry, which are running well and do a good job.

My personal style is strange: I look at the ways in which an attacker 
could intrude into my system and then defend with the required tool. I am never 
relying on one tool, it is always a combination of several tools - like I say, 
a "concept".

Of course I pay attention that my tools do not interfere with each other. And you 
may wonder - it happens that there is a new attacking threat, then I defend 
against it and after one or two years I forget about it. "Fire and forget".

But from time to time I recheck my strategies (like this time) and look at what 
can be improved/exchanged/whatever, like today.

I will give fail2ban a try, as it looks like the most suggested tool at the 
moment. But as I said before - let's see if there are more suggestions.

Best

Hans




> Hi,
> 
> We are using fail2ban to do this. It offers many more options, and works
> by creating iptables rules. This gives you much more control over what
> ports exactly are blocked.
> 
> Plus I think (correct me if I'm wrong) that using /etc/hosts.deny to
> block access only works with programs that are compiled to do so, and
> iptables will always work.
> 
> MJ
