Is it worth the effort to block failed login attempts
Posted
by
dunxd
on Server Fault
See other posts from Server Fault
or by dunxd
Published on 2010-12-29T10:43:26Z
Indexed on
2010/12/29
10:55 UTC
Read the original article
Hit count: 272
Is it worthwhile running fail2ban, sshdfilter or similar tools, which blacklist IP addresses which attempt and fail to login?
I've seen it argued that this is security theatre on a "properly secured" server. However, I feel that it probably makes script kiddies move on to the next server in their list.
Let's say that my server is "properly secured" and I am not worried that a brute force attack will actually succeed - are these tools simply keeping my logfiles clean, or am I getting any worthwhile benefit in blocking brute force attack attempts?
© Server Fault or respective owner