Difference between revisions of "Block SMTP Authentication Attacks With Fail2Ban"

From Free Knowledge Base- The DUCK Project: information for everyone

Revision as of 13:00, 7 February 2014

Blocking SMTP authentication brute force attacks using Fail2Ban - Fail2Ban can be used to block brute force attacks against your mail server. The attackers are blocked by their source IP using iptables. Although it doesn't block SMTP attacks by default, Fail2Ban can be configured to do so.

Fail2ban works by scanning log files to detect attacks, such as log entries indicating multiple failed login attempts. It scans through the log, identifies an offending IP address, then creates an on-the-fly firewall rule to block it. It is typically configured to use iptables to accomplish this; however, it is not restricted to any one firewall, or to using just firewall rules.
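
The scan-count-ban loop described above, as an added Python illustration; it is not Fail2ban's own code and not part of the original page. It assumes Postfix-style SASL failure lines, borrows the names `maxretry` and `findtime` from Fail2ban's options, and uses a constructed sample log and an illustrative iptables rule.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix reports a failed SMTP AUTH attempt as:
#   ... postfix/smtpd[PID]: warning: host[IP]: SASL LOGIN authentication failed: ...
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)

def find_offenders(lines, maxretry=3, findtime=600, year=2014):
    """Return IPs, in ban order, with maxretry failures inside findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of its recent failures
    banned = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # connects, successful logins and other daemons are ignored
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()  # forget failures older than the window
        if len(hits) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

def iptables_rule(ip, port=25):
    """Argument list for a drop rule of the kind a ban action would insert."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp",
            "--dport", str(port), "-j", "DROP"]

# Constructed sample log using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Feb  7 12:58:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Feb  7 12:58:03 mail postfix/smtpd[2102]: warning: unknown[198.51.100.20]: SASL PLAIN authentication failed: authentication failure
Feb  7 12:58:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Feb  7 12:58:10 mail postfix/smtpd[2103]: connect from mail.example.org[192.0.2.10]
Feb  7 12:58:15 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Feb  7 12:59:00 mail postfix/smtpd[2102]: warning: unknown[198.51.100.20]: SASL PLAIN authentication failed: authentication failure
Feb  7 13:20:00 mail postfix/smtpd[2104]: warning: unknown[198.51.100.20]: SASL PLAIN authentication failed: authentication failure
""".splitlines()

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE_LOG):
        print(" ".join(iptables_rule(ip)))
```

The second address fails three times as well, but its failures are spread over more than ten minutes, so the sliding window never holds three of them at once and it is not banned.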

First, you need to install Fail2Ban. For Red Hat/Fedora/CentOS, use yum.

yum install fail2ban

Now modify the configuration file:

vi /etc/fail2ban/fail2ban.conf

Set the path to the log file.