From: Arturo 'Buanzo' Busleiman
Organization: GNU/Buanzo
Date: Mon, 14 Sep 2009 16:17:29 -0300
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] iptables && fail2ban
Message-ID: <4AAE96C9.3090900@buanzo.com.ar>
In-Reply-To: <4A7E0524.9010602@gmail.com>

paul kölle wrote:
> Not really. IMO all these brute-force-polling-logwatcher are pretty bad
> design. If proftpd uses pam you should search for pam_shield, it can
> recognize failed logins and insert the appropriate rules into your
> firewall.

You've just stated a particular set of cases: applications that do auth and support pam.

fail2ban is also used with fastcgi, lighttpd, apache, mod_security, nagios, etc, etc, etc. and polling is the fallback method....

anyway, subjective opinion here, i'm one of fail2ban developers :P - don't take me seriously.

-- 
Arturo "Buanzo" Busleiman / Arturo Busleiman @ 4:900/107
Independent Linux and Security Consultant - SANS - OISSG - OWASP
http://www.buanzo.com.ar/pro/eng.html
Mailing List Archives at http://archiver.mailfighter.net