Coert Waagmeester wrote:
On Thu, 2009-07-09 at 15:18 -0700, Bill Campbell wrote:
This appeared today on Macworld, an article saying this is
probably a hoax:
http://www.macworld.com/article/141628/2009/07/openssh_securityhoax.html?lsrc=rss_main
Bill
In my iptables setup I have the following rule: (excuse the ugly line
breaks)
/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
--dport 22 -m state -m recent --state NEW --update --seconds 15 -j \
DROPLOG
/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
--dport 22 -m state -m recent --state NEW --set -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
--dport 22 -m state --state ESTABLISHED --state RELATED -j ACCEPT
it only allows one NEW connection to ssh per minute.
That is also a good protection right?
Regards,
Coert
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Not really protection - rather a deterrent - it just makes it slower for
the script kiddies that try brute force attacks - they have to pace
themselves to one try per minute rather than one or two per second. Thus
they normally move on to an easier target.
You can also use iptables to allow say four attempts from an IP and
then block for 5 or more minutes - this is what I use.
HTH
Rob
begin:vcard
fn:Rob Kampen
n:Kampen;Rob
email;internet:rkampen@xxxxxxxxxxxxxxxxx
tel;work:407-896-9556 x6344
tel;fax:407-896-7607
tel;home:407-876-4854
tel;cell:407-341-3815
version:2.1
end:vcard
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
