Blocking brute force attacks under Linux

Marius Ducea discussed three ways how to block brute force attacks under Linux using iptables, PAM and fail2ban. All three posts are quite detailed and well written
Profile photo of Michael Pietroforte

Michael Pietroforte

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in IT management and system administration.
Profile photo of Michael Pietroforte

iptables is a tool for packet filtering and NAT. You can use it to setup a firewall with shell scripts. A shell script with just a few lines is enough to block an IP address attempting to establish too many connection within a certain time frame.

PAM (Pluggable Authentication Modules) is an API used by many Unix systems for authentication. Marius described how to use PAM to block the IP address of an attacker after three failed logon attempts on a ssh server.

fail2ban can be used to update firewall rules based on log files scans. Marius demonstrated how to secure an ssh server with fail2ban using iptables.

The last two options are certainly more sophisticated than the mere iptables solution. Unfortunately, it takes more time to configure them as you might have to install the tools first.

My favorite solution is fail2ban since you can use it with almost any application, plus there are packages for most Linux distributions. PAM is more difficult to setup as you probably will have to install it from sources.

Marius described the installation and configuration of all three options in detail:

Using iptables to Block Brute Force Attacks
Using PAM to Block Brute Force Attacks
Using fail2ban to Block Brute Force Attacks

Share
-1+1 (No Ratings Yet)
3 Comments
  1. avatar
    - Marius - 10 years ago

    Michael, thanks for your nice words. I still have to finish up some other parts of these series of articles in the next days, so leave room for some more .
    Cheers,- Marius –

  2. Profile photo of Michael Pietroforte
    Michael Pietroforte 10 years ago

    Great! I am looking forward to the next article in this series.

  3. avatar
    mut ante 9 years ago

    hi all:
    i am interested in reading what Marius Ducea wrote…. but links to http://www.ducea.com/ are not working….. can anyone redirect me please…

    thanks in advance

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2016

Log in with your credentials

or    

Forgot your details?