
Me and @p4bl0. I've got one box with ssh on 22. Logs are very noisy and the rules from fail2ban grow and grow.

On the other 20+ boxen with ssh on port xxx22 the logs and f2b rules are much smaller - which means less hassle for the admin.

And on the boxen with services behind WG there is zero noise.

Naturally we're using keys only with all this. The reduced noise in the logs/rules/firewall is very handy.



I love Brian Regan but I have to say, even though I'm probably ruining one of his best jokes [0], that the plural form of "box" is not "boxen".

[0] https://www.youtube.com/watch?v=xkrMsPiqG6M&feature=youtu.be...


Oh, I'm aware it's "boxes". But, I got into the "boxen" habit in the middle 90s and now that I'm "old" I've chosen to become stubborn and stuck in my ways. Also, I think it's more fun. I've got other things to be pedantic about.


I'm pretty sure "Unix boxen" predates Brian Regan's standup.


OpenSSH on port 22 gets at least one attempt a minute for me (and that's with fail2ban blocking IPs on a single failure.) Dropbear on port 2222 gets at most one an hour.


Since I cleaned out and restarted fail2ban yesterday (~1800BST), the sshd:22 filter has banned 291 IPs whilst the dropbear:2222 filter has banned 8.



