Ajen@sh.itjust.works
on 30 Jul 2025 16:35
nextcollapse
The thing about fail2ban is that it’s only affective against automated scans and script kiddies, and if you keep things updated and configured correctly then they aren’t a threat. Any adversary that can break encryption or exploit a zero day can also get around fail2ban.
threaded - newest
The thing about fail2ban is that it’s only affective against automated scans and script kiddies, and if you keep things updated and configured correctly then they aren’t a threat. Any adversary that can break encryption or exploit a zero day can also get around fail2ban.
.
Fr tho why does no one do port knocking? I know its not a comprehensive solution but it’s a pretty cool component imo.
.
Port knocking is cool, but tunneling everything through ssh or a VPN (with strong keys, not passwords) is more secure.