Detecting automated penetration attempts (poor man's IDS)

Lee Sharp leesharp at hal-pc.org
Thu Dec 18 03:36:12 UTC 2014


On 12/17/2014 05:00 PM, Matthew Wedgwood wrote:
> That said, it's quite common to protect administrative (low-traffic)
> interfaces (like SSH) using fail2ban. I'm not sure how
> intelligent/tunable fail2ban is with regard to other types of services.

Very!  You can spend DAYS tweaking rules if you want.  Even lumping AS
networks together for a localized DDoS attack.  (Only saw this once, and
it was complex.)  It is kinda amazing.

			Lee


