Is it worth the effort to block failed login attempts

Posted by dunxd on Server Fault See other posts from Server Fault or by dunxd
Published on 2010-12-29T10:43:26Z Indexed on 2010/12/29 10:55 UTC
Read the original article Hit count: 272

Filed under:
|
|

Is it worthwhile running fail2ban, sshdfilter or similar tools, which blacklist IP addresses which attempt and fail to login?

I've seen it argued that this is security theatre on a "properly secured" server. However, I feel that it probably makes script kiddies move on to the next server in their list.

Let's say that my server is "properly secured" and I am not worried that a brute force attack will actually succeed - are these tools simply keeping my logfiles clean, or am I getting any worthwhile benefit in blocking brute force attack attempts?

© Server Fault or respective owner

Related posts about security

Related posts about ssh