On 8/9/05, Justin Conover <justin.conover@xxxxxxxxx> wrote: > On 8/9/05, Brian Gaynor <briang@xxxxxxxxxxx> wrote: > > On Tue, 2005-08-09 at 09:39 -0600, Kevin Fenzi wrote: > > > A better rule (IMHO), I use: > > > > > > $IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT > > > > > > This has the advantage of only blocking the offending IP if they go > > > over 1/min, but letting all other ip's still have access until they go > > > over the limit. > > > > I've used similar rules for some time now and they've proven very > > effective. The only problem I've run into is with subversion over SSH, > > it generates a lot of short connections sometimes (for example when > > browsing a repository) and can look like an attack to this kind of > > block. For that reason I am interested in testing DENYHOSTS. > > > > -- > > Brian Gaynor > > www.pmccorp.com > > FC4/Linux on DELL Inspiron 5160 3.0Ghz > > canis 08:55:20 up 26 min, 1 > > user, load average: 0.27, 0.22, > > > > > > -- > > fedora-test-list mailing list > > fedora-test-list@xxxxxxxxxx > > To unsubscribe: > > http://www.redhat.com/mailman/listinfo/fedora-test-list > > > > > Bastards really want in. > > > sshd: > Authentication Failures: > root (61.185.220.46): 528 Time(s) > unknown (61.185.220.46): 221 Time(s) > mail (61.185.220.46): 2 Time(s) > mysql (61.185.220.46): 2 Time(s) > news (61.185.220.46): 2 Time(s) > adm (61.185.220.46): 1 Time(s) > apache (61.185.220.46): 1 Time(s) > bin (61.185.220.46): 1 Time(s) > ftp (61.185.220.46): 1 Time(s) > games (61.185.220.46): 1 Time(s) > ldap (61.185.220.46): 1 Time(s) > lp (61.185.220.46): 1 Time(s) > nobody (61.185.220.46): 1 Time(s) > operator (61.185.220.46): 1 Time(s) > root (201.145.24.178): 1 Time(s) > rpm (61.185.220.46): 1 Time(s) > squid (61.185.220.46): 1 Time(s) > sshd (61.185.220.46): 1 Time(s) > Invalid Users: > Unknown Account: 221 Time(s) > Bad User: root: 1 Time(s) > Sessions Opened: > justin: 1 Time(s) > ssh bob@<myIP> Stay the **** off my box! Loosers, you can't get in. Your a bunch of script-kiddes that suckled on your momma to long. If you think your talented, than use it to do real hacking, like on Open Source Linux. Otherwise, take your noobie cracking ass back to school! -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-test-list