av> A very dangerous thing... However, it is fun to use it
av> against the admin^Widiot who installed it :-)
I'm curious ... why is fail2ban dangerous?
av> Being a security expert, I know (and use; and, obviously,
av> recommend) a better method: limit the number of connections per
av> minute to 2 or 3, thus making any and all brute-force attacks
av> time-ineffective.
I don't see why these are mutually exclusive ... but maybe I'm not expert
enough. If you use key-only authentication for SSH (for example), it makes
perfect sense to add someone to a ban list for 15-600 minutes if they fail 3
times (for example).
I quite often legitimately connect with 2-3-4 SSH sessions to the same server
within a few minutes, but they don't fail of course :)
-joho
---
* Origin: code.code.code (2:20/4609)
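Added example, not part of the original message or of fail2ban itself: a small Python model of the two controls the thread argues about, a fail2ban-style jail (3 failures within 10 minutes bans the source for 15 minutes, the low end of the range mentioned) and a per-IP connection rate limit (3 new connections per minute), both run over the same constructed sshd log lines. The settings, the log lines and the two model classes are assumptions made for illustration; the point it shows is that successful key logins never count toward a ban, so a legitimate user opening several sessions in a few minutes is untouched by the jail, while the plain rate limit also fires on the attacker's fourth connection in one minute.

```python
"""Model of two anti-bruteforce controls discussed in the thread (illustrative
assumptions, not fail2ban or iptables code):
 - fail2ban-style jail: MAXRETRY auth failures within FINDTIME bans the IP for BANTIME
 - per-IP rate limit: at most RATE_LIMIT new connections per RATE_WINDOW seconds
"""
import re
from collections import defaultdict, deque

MAXRETRY = 3       # failures that trigger a ban (assumed jail setting)
FINDTIME = 600     # the failures must fall within this many seconds
BANTIME = 900      # 15 minutes, the low end of the range in the message
RATE_LIMIT = 3     # new connections per IP ...
RATE_WINDOW = 60   # ... per this many seconds

# Constructed sshd log lines in OpenSSH auth.log format (not real traffic).
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 50001 ssh2
Mar 10 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 50002 ssh2
Mar 10 10:00:05 host sshd[1003]: Failed password for admin from 203.0.113.7 port 50003 ssh2
Mar 10 10:00:06 host sshd[1004]: Failed password for admin from 203.0.113.7 port 50004 ssh2
Mar 10 10:00:10 host sshd[1005]: Accepted publickey for joho from 198.51.100.4 port 40001 ssh2
Mar 10 10:01:20 host sshd[1006]: Accepted publickey for joho from 198.51.100.4 port 40002 ssh2
Mar 10 10:02:30 host sshd[1007]: Accepted publickey for joho from 198.51.100.4 port 40003 ssh2
Mar 10 10:03:40 host sshd[1008]: Accepted publickey for joho from 198.51.100.4 port 40004 ssh2
Mar 10 10:20:00 host sshd[1009]: Failed password for root from 203.0.113.7 port 50005 ssh2
"""

LINE_RE = re.compile(
    r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
    r"(Failed password|Accepted publickey|Accepted password) for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse(line):
    """Return (seconds since midnight, failed, user, ip) or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s, outcome, user, ip = m.groups()
    return int(h) * 3600 + int(mi) * 60 + int(s), outcome.startswith("Failed"), user, ip


class Fail2banModel:
    """Counts failures per IP inside a sliding FINDTIME window and bans on MAXRETRY."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> recent failure timestamps
        self.banned_until = {}              # ip -> ban expiry time
        self.bans = []                      # (ip, time) for every ban decision

    def handle(self, t, failed, ip):
        """'dropped' while a ban is active, 'banned' when this failure trips the jail, else 'allowed'."""
        if self.banned_until.get(ip, -1) > t:
            return "dropped"
        if not failed:
            return "allowed"  # successes never count, so key-only users are never banned
        q = self.failures[ip]
        q.append(t)
        while q and q[0] < t - FINDTIME:
            q.popleft()
        if len(q) >= MAXRETRY:
            self.banned_until[ip] = t + BANTIME
            self.bans.append((ip, t))
            q.clear()
            return "banned"
        return "allowed"


class RateLimitModel:
    """Allows at most RATE_LIMIT connection attempts per IP in any RATE_WINDOW seconds."""

    def __init__(self):
        self.conns = defaultdict(deque)

    def handle(self, t, ip):
        q = self.conns[ip]
        while q and q[0] <= t - RATE_WINDOW:
            q.popleft()
        if len(q) >= RATE_LIMIT:
            return "rejected"  # rejected attempts do not consume a slot
        q.append(t)
        return "allowed"


def evaluate(log_text):
    """Run both models over the log; return (ban decisions, per-event verdicts)."""
    f2b, rl = Fail2banModel(), RateLimitModel()
    verdicts = []  # (time, ip, jail verdict, rate-limit verdict)
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        t, failed, _user, ip = ev
        verdicts.append((t, ip, f2b.handle(t, failed, ip), rl.handle(t, ip)))
    return f2b.bans, verdicts


if __name__ == "__main__":
    bans, verdicts = evaluate(SAMPLE_LOG)
    print("bans:", bans)
    for t, ip, jail, rate in verdicts:
        print(f"{t:6d} {ip:15s} jail={jail:8s} rate={rate}")
```

Running it, the attacker at 203.0.113.7 is banned on its third failure at 10:00:05 and its fourth attempt is dropped by the jail and rejected by the rate limit alike; by 10:20:00 the 15-minute ban has expired and the old failures have aged out of the window, so counting starts over. joho's four key logins from 198.51.100.4, spaced just over a minute apart, are allowed by both models.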