On Tue, 2011-11-22 at 23:52 -0500, jdow wrote: > ===8<--- > $IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set > $IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \ > --rcheck --seconds 180 --hitcount 2 -j LOG --log-prefix 'SSH REJECT: ' \ > --log-level info > $IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \ > --rcheck --seconds 180 --hitcount 2 -j REJECT --reject-with tcp-reset > ===8<--- > > This means a given address gets one chance every 3 minutes to login. > Even "fubar" is a (relatively) secure password when there is riper > fruit for picking when the creep has to wait 3 minutes between trials. > It can be a pain if I mistype my password. It's a tradeoff in that > regard. If more things gave us the choice to see our passwords as we typed them in, there'd be far less login problems. Sure, it's useful to hide them if you're using a computer surrounded by people. But it's pointless when you're home alone, and highly unlikely to be under tempest surveillance. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
