Re: Is there an openssh security problem?




On Thu, 2009-07-09 at 15:18 -0700, Bill Campbell wrote:
> This appeared today on Macworld, an article saying this is
> probably a hoax:
> 
> http://www.macworld.com/article/141628/2009/07/openssh_securityhoax.html?lsrc=rss_main
> 
> Bill

In my iptables setup I have the following rule: (excuse the ugly line
breaks)

/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
--dport 22 -m state -m recent --state NEW --update --seconds 15 -j \
DROPLOG

/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
--dport 22 -m state -m recent --state NEW --set -j ACCEPT

/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
--dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT

It only allows one NEW connection to ssh per minute.

That is also a good protection, right?


Regards,
Coert

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
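
Added example (not part of the original message): a small Python model of how the `recent` match in the first two rules treats NEW connections per source address, assuming the documented semantics of `--set`, `--update` and `--seconds`. The `--rcheck` comparison goes beyond the rules in the message, and the client addresses and timings are constructed.

```python
# Added example: a model of the "recent" match as used by the first two rules.
# Sample connection attempts below are constructed for illustration.

WINDOW = 15  # --seconds 15 in the first rule


def simulate(attempts, window=WINDOW, refresh_on_drop=True):
    """Return (time, src, verdict) for each NEW connection attempt.

    attempts: iterable of (time_in_seconds, source_ip).
    refresh_on_drop=True models --update (a matching packet refreshes the
    last-seen time); False models --rcheck (a match leaves it unchanged).
    Jiffy-level behaviour at the exact window boundary is not modelled.
    """
    last_seen = {}  # per-source table kept by the recent match
    out = []
    for t, src in sorted(attempts):
        seen = last_seen.get(src)
        if seen is not None and t - seen < window:
            # Rule 1 matches: source seen inside the window -> DROPLOG
            if refresh_on_drop:
                last_seen[src] = t
            out.append((t, src, "DROPLOG"))
        else:
            # Rule 2: --set records the source, then ACCEPT
            last_seen[src] = t
            out.append((t, src, "ACCEPT"))
    return out


def accepted_times(results, src):
    """Times at which NEW connections from src were accepted."""
    return [t for t, s, v in results if s == src and v == "ACCEPT"]


# Constructed sample: one client retrying every 10 s, another every 20 s.
SAMPLE = [(t, "196.1.1.10") for t in range(0, 60, 10)] + \
         [(t, "196.1.1.20") for t in range(5, 65, 20)]

if __name__ == "__main__":
    for label, refresh in (("--update", True), ("--rcheck", False)):
        print(label)
        for row in simulate(SAMPLE, refresh_on_drop=refresh):
            print("  t=%3ds  %-11s %s" % row)
```

With `--update`, a source that keeps retrying inside the window keeps refreshing its own timestamp and stays blocked until it is quiet for the full window; with `--rcheck` the same source is let through again once the window since its last accepted connection has passed.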
