Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

ELI5: Is Fail2Ban Necessary for Me? - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

ELI5: Is Fail2Ban Necessary for Me?

2»

Comments

  • NomadNomad Member

    @angstrom said:

    @Nomad said:

    @WSS said:

    @Nomad said:
    Also give ddos deflate a go as well.

    This isn't the greatest script. You'd do a hell of a lot better by just disabling KeepAlive and altering your TCP settings accordingly. All this will do is close a multitude of source requests from the same host. It wont really help that much.

    Fail2ban (and sshguard) will hinder the client from this being even slightly useful- but nothing is as good as upstream filtering.

    Well, not so great. Perhaps.
    But if you set the settings high enough, you can prevent abusing connections and permit healthy ones once you whitelist cloudflare etc. It's not a protection suite indeed. But it does help a bit in some cases.

    Yeah, I guess that ddos deflate could (as a side effect) cover some of the functionality of fail2ban or sshguard. But for those of us who are more concerned about forced entry attempts than about ddos attacks, fail2ban or sshguard seems to be the better option.

    Well, I actually meant "along with". Not as the single layer of protection (:

  • WSSWSS Member

    I neglected to mention- but indirectly implied that unless you change TIME_WAIT, you're still going to have those idling until the stack closes the connections, so for most purposes, it's basically useless, with the overhead of running a shell script managing all of this.. which will not help when you have a high load. You really want to use iptables/ipf/pf/et al to limit connections.

Sign In or Register to comment.