Subject : Re: LUG: RoadRunner residential subnet mask IP filtering

From : "Daniel Underwood" <daniel.underwood@ncsu.[redacted]>

Date : Wed, 23 Dec 2009 00:05:00 -0500


> I presume you are filtering IP addresses to reduce the possibility of
> someone SSHing or brute forcing into your computer, correct?

Yes, correct.

> If this is the case, take a look at DenyHosts

I thought about using something similar called Fail2ban:
<http://www.fail2ban.org/wiki/index.php/Main_Page>

> If there is some other reason you're doing this, please share with me
> because I'd really like to know if I'm doing something wrong!

I think either solution would be fine, however, there is another reason.
My auth log file had thousands of failed ssh attempts (before
implementing bruteforce protection). Using preset IP filtering will get
rid of virtually all these failed ssh attempts in the log file, whereas
the DenyHosts/Fail2ban methods will only reduce the number of failed ssh
attempts in the log file. This makes log monitoring much easier,
because the log file is far less cluttered.
--
Daniel Underwood
North Carolina State University
Graduate Student - Operations Research
email: daniel.underwood@ncsu.[redacted]
phone: XXX.302.3291
web: http://www4.ncsu.edu/~djunderw/
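
The log-clutter comparison made in the message above, as an added example that is not part of the original e-mail: it counts how many failed-login lines sshd would still write under a firewall allowlist versus a ban-after-N-failures tool. The log lines are constructed, the allowed subnet and the threshold of 3 are assumptions, and the ban model is simplified (no time window, no ban expiry).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample auth-log lines (documentation address ranges only).
SAMPLE_LOG = """\
Dec 22 03:10:01 host sshd[2001]: Failed password for root from 203.0.113.7 port 40110 ssh2
Dec 22 03:10:03 host sshd[2002]: Failed password for root from 203.0.113.7 port 40111 ssh2
Dec 22 03:10:05 host sshd[2003]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Dec 22 03:10:07 host sshd[2004]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Dec 22 03:10:09 host sshd[2005]: Failed password for root from 203.0.113.7 port 40114 ssh2
Dec 22 04:31:10 host sshd[2010]: Failed password for invalid user oracle from 198.51.100.23 port 51200 ssh2
Dec 22 04:31:12 host sshd[2011]: Failed password for root from 198.51.100.23 port 51201 ssh2
Dec 22 04:31:14 host sshd[2012]: Failed password for root from 198.51.100.23 port 51202 ssh2
Dec 22 04:31:16 host sshd[2013]: Failed password for root from 198.51.100.23 port 51203 ssh2
Dec 22 08:02:40 host sshd[2020]: Failed password for daniel from 192.0.2.50 port 60022 ssh2
Dec 22 08:02:47 host sshd[2021]: Accepted password for daniel from 192.0.2.50 port 60023 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def failed_sources(log_text):
    """Source IP of every failed sshd password attempt, in log order."""
    return [ipaddress.ip_address(m.group(1)) for m in FAILED.finditer(log_text)]

def logged_with_allowlist(sources, allowed_nets):
    """Allowlist at the firewall: other sources never reach sshd, so they log nothing."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    return [ip for ip in sources if any(ip in net for net in nets)]

def logged_with_ban(sources, maxretry):
    """Ban after maxretry failures: each source still logs its first maxretry attempts."""
    seen = Counter()
    kept = []
    for ip in sources:
        if seen[ip] < maxretry:
            seen[ip] += 1
            kept.append(ip)
    return kept

if __name__ == "__main__":
    src = failed_sources(SAMPLE_LOG)
    print("no filtering:     ", len(src))
    print("subnet allowlist: ", len(logged_with_allowlist(src, ["192.0.2.0/24"])))
    print("ban after 3 fails:", len(logged_with_ban(src, 3)))
```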


