On 8/9/05, Brian Gaynor <briang@xxxxxxxxxxx> wrote:
> On Tue, 2005-08-09 at 09:39 -0600, Kevin Fenzi wrote:
> > A better rule (IMHO), I use:
> >
> > $IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
> >
> > This has the advantage of only blocking the offending IP if they go
> > over 1/min, but letting all other IPs still have access until they go
> > over the limit.
>
> I've used similar rules for some time now and they've proven very
> effective. The only problem I've run into is with subversion over SSH;
> it generates a lot of short connections sometimes (for example when
> browsing a repository) and can look like an attack to this kind of
> block. For that reason I am interested in testing DENYHOSTS.
>
> --
> Brian Gaynor
> www.pmccorp.com
> FC4/Linux on DELL Inspiron 5160 3.0Ghz
> canis 08:55:20 up 26 min, 1 user, load average: 0.27, 0.22,
>
> --
> fedora-test-list mailing list
> fedora-test-list@xxxxxxxxxx
> To unsubscribe:
> http://www.redhat.com/mailman/listinfo/fedora-test-list

Bastards really want in.

sshd:

Authentication Failures:
   root (61.185.220.46): 528 Time(s)
   unknown (61.185.220.46): 221 Time(s)
   mail (61.185.220.46): 2 Time(s)
   mysql (61.185.220.46): 2 Time(s)
   news (61.185.220.46): 2 Time(s)
   adm (61.185.220.46): 1 Time(s)
   apache (61.185.220.46): 1 Time(s)
   bin (61.185.220.46): 1 Time(s)
   ftp (61.185.220.46): 1 Time(s)
   games (61.185.220.46): 1 Time(s)
   ldap (61.185.220.46): 1 Time(s)
   lp (61.185.220.46): 1 Time(s)
   nobody (61.185.220.46): 1 Time(s)
   operator (61.185.220.46): 1 Time(s)
   root (201.145.24.178): 1 Time(s)
   rpm (61.185.220.46): 1 Time(s)
   squid (61.185.220.46): 1 Time(s)
   sshd (61.185.220.46): 1 Time(s)

Invalid Users:
   Unknown Account: 221 Time(s)

Bad User:
   root: 1 Time(s)

Sessions Opened:
   justin: 1 Time(s)
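To make the behaviour of the quoted hashlimit rule concrete, here is an added example (not from the thread, and not netfilter's own code): a simplified per-source token-bucket model of what `-m hashlimit --hashlimit 1/min --hashlimit-mode srcip` does to NEW connections. It assumes the iptables default of `--hashlimit-burst 5`, which the quoted rule does not set explicitly, and replays three constructed connection patterns from documentation-range addresses: a brute-force source, a low-rate administrator, and the kind of short-connection burst Brian describes with subversion over SSH.

```python
"""Simplified model of iptables -m hashlimit keyed by source IP (added example).

The real module keeps a credit counter per hash entry; this token bucket is
close enough to show which NEW connections the quoted rule would ACCEPT.
"""
from collections import defaultdict

RATE_PER_MIN = 1   # --hashlimit 1/min, taken from the quoted rule
BURST = 5          # iptables default for --hashlimit-burst (assumption: the rule leaves it unset)


class SrcIpHashLimit:
    """One token bucket per source IP, as --hashlimit-mode srcip behaves."""

    def __init__(self, rate_per_min=RATE_PER_MIN, burst=BURST):
        self.refill_per_sec = rate_per_min / 60.0
        self.burst = burst
        self.state = {}  # srcip -> (tokens, timestamp of last packet seen)

    def accept(self, srcip, ts):
        """Return True if a NEW connection from srcip at time ts fits the budget."""
        tokens, last = self.state.get(srcip, (self.burst, ts))
        tokens = min(self.burst, tokens + (ts - last) * self.refill_per_sec)
        if tokens >= 1:
            self.state[srcip] = (tokens - 1, ts)
            return True
        self.state[srcip] = (tokens, ts)
        return False


def replay(events, rate_per_min=RATE_PER_MIN, burst=BURST):
    """events: iterable of (timestamp_seconds, srcip) for NEW SSH connections.

    Returns {srcip: {"accepted": n, "dropped": m}}. "dropped" means the rule
    did not match, so the packet falls through to whatever rule comes next.
    """
    limiter = SrcIpHashLimit(rate_per_min, burst)
    result = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for ts, ip in sorted(events):
        key = "accepted" if limiter.accept(ip, ts) else "dropped"
        result[ip][key] += 1
    return dict(result)


# Constructed scenarios (hypothetical addresses from RFC 5737 documentation ranges).
BRUTE_FORCE = [(t, "203.0.113.7") for t in range(60)]           # one attempt per second for a minute
SLOW_ADMIN = [(0, "198.51.100.5"), (600, "198.51.100.5"), (1200, "198.51.100.5")]
SVN_BROWSE = [(t, "192.0.2.44") for t in range(0, 24, 2)]       # 12 short connections in 22 seconds


if __name__ == "__main__":
    for name, events in (("brute force", BRUTE_FORCE), ("slow admin", SLOW_ADMIN),
                         ("svn browse", SVN_BROWSE)):
        print(name, replay(events))
    # Buckets are independent, so the admin is unaffected by the attacker's traffic.
    print("mixed", replay(BRUTE_FORCE + SLOW_ADMIN))
```

Two things the replay makes visible. The burst of 5 means the attacker still gets a handful of attempts before the budget runs dry, and the svn session trips the same limit even though it is legitimate; a larger burst, or an earlier ACCEPT rule for known client hosts, is the usual answer to that. And because the quoted rule only ACCEPTs traffic within the budget, what it does not match is decided by the rules after it: without a following DROP or REJECT for port 22 NEW connections (or a DROP default policy on INPUT), the over-limit attempts are not blocked at all.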
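The logwatch-style sshd summary in the message lists failures per account, which hides how concentrated the activity is per source. As an added example (not from the thread, and not logwatch or DenyHosts code), the parser below reads those "user (ip): N Time(s)" lines, aggregates them per source address and flags sources that either hammered one account or swept through many; the sample text is the summary quoted in the message, and the thresholds are assumptions to tune locally.

```python
"""Per-source aggregation of a logwatch-style sshd failure summary (added example)."""
import re
from collections import defaultdict

# Constructed sample: the "Authentication Failures" block quoted in the message.
SAMPLE_SUMMARY = """\
root (61.185.220.46): 528 Time(s)
unknown (61.185.220.46): 221 Time(s)
mail (61.185.220.46): 2 Time(s)
mysql (61.185.220.46): 2 Time(s)
news (61.185.220.46): 2 Time(s)
adm (61.185.220.46): 1 Time(s)
apache (61.185.220.46): 1 Time(s)
bin (61.185.220.46): 1 Time(s)
ftp (61.185.220.46): 1 Time(s)
games (61.185.220.46): 1 Time(s)
ldap (61.185.220.46): 1 Time(s)
lp (61.185.220.46): 1 Time(s)
nobody (61.185.220.46): 1 Time(s)
operator (61.185.220.46): 1 Time(s)
root (201.145.24.178): 1 Time(s)
rpm (61.185.220.46): 1 Time(s)
squid (61.185.220.46): 1 Time(s)
sshd (61.185.220.46): 1 Time(s)
"""

# One summary line: account name, source address in parentheses, count, "Time(s)".
LINE_RE = re.compile(r"^\s*(?P<user>\S+) \((?P<ip>[0-9.]+)\): (?P<count>\d+) Time\(s\)\s*$")


def parse_failures(text):
    """Yield (user, ip, count) for each matching line; headings and blank lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("user"), m.group("ip"), int(m.group("count"))


def summarize_by_source(text):
    """Return {ip: {"failures": total, "accounts": set of account names tried}}."""
    per_ip = defaultdict(lambda: {"failures": 0, "accounts": set()})
    for user, ip, count in parse_failures(text):
        per_ip[ip]["failures"] += count
        per_ip[ip]["accounts"].add(user)
    return dict(per_ip)


def flag_sources(text, min_failures=20, min_accounts=3):
    """Sources worth blocking: many failures, or a sweep across several accounts.

    Trying system accounts such as mail, mysql or apache is the clearest sign of
    a dictionary sweep rather than a user mistyping a password. Thresholds are
    assumptions; pick values that fit the host's normal traffic.
    """
    flagged = []
    for ip, info in summarize_by_source(text).items():
        if info["failures"] >= min_failures or len(info["accounts"]) >= min_accounts:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    for ip, info in summarize_by_source(SAMPLE_SUMMARY).items():
        print(ip, info["failures"], "failures across", len(info["accounts"]), "accounts")
    print("flag:", flag_sources(SAMPLE_SUMMARY))
```

Run against the quoted summary, the single `root` failure from the second address stays below both thresholds, which is the point of aggregating per source rather than reacting to every failed login: one source accounts for almost all of the noise, and it is the one a hashlimit rule or a DenyHosts entry should be judged against.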