Re: crazy hackers and logwatch

On Tue, 2005-08-09 at 13:32 -0500, Justin Conover wrote:
> On 8/9/05, Justin Conover <justin.conover@xxxxxxxxx> wrote:
> > On 8/9/05, Brian Gaynor <briang@xxxxxxxxxxx> wrote:
> > > On Tue, 2005-08-09 at 09:39 -0600, Kevin Fenzi wrote:
> > > > A better rule (IMHO), I use:
> > > >
> > > > $IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
> > > >
> > > > This has the advantage of only blocking the offending IP if they go
> > > > over 1/min, but letting all other IPs still have access until they go
> > > > over the limit.
> > >
> > > I've used similar rules for some time now and they've proven very
> > > effective. The only problem I've run into is with subversion over SSH,
> > > it generates a lot of short connections sometimes (for example when
> > > browsing a repository) and can look like an attack to this kind of
> > > block. For that reason I am interested in testing DENYHOSTS.
> > >
> > > --
> > > Brian Gaynor
> > > www.pmccorp.com
> > > FC4/Linux on DELL Inspiron 5160 3.0Ghz
> > > canis 08:55:20 up 26 min, 1
> > > user, load average: 0.27, 0.22,
> > >
> > >
> > > --
> > > fedora-test-list mailing list
> > > fedora-test-list@xxxxxxxxxx
> > > To unsubscribe:
> > > http://www.redhat.com/mailman/listinfo/fedora-test-list
> > >
> > 
> > 
> > Bastards really want in.
> > 
> > 
> > sshd:
> >   Authentication Failures:
> >      root (61.185.220.46): 528 Time(s)
> >      unknown (61.185.220.46): 221 Time(s)
> >      mail (61.185.220.46): 2 Time(s)
> >      mysql (61.185.220.46): 2 Time(s)
> >      news (61.185.220.46): 2 Time(s)
> >      adm (61.185.220.46): 1 Time(s)
> >      apache (61.185.220.46): 1 Time(s)
> >      bin (61.185.220.46): 1 Time(s)
> >      ftp (61.185.220.46): 1 Time(s)
> >      games (61.185.220.46): 1 Time(s)
> >      ldap (61.185.220.46): 1 Time(s)
> >      lp (61.185.220.46): 1 Time(s)
> >      nobody (61.185.220.46): 1 Time(s)
> >      operator (61.185.220.46): 1 Time(s)
> >      root (201.145.24.178): 1 Time(s)
> >      rpm (61.185.220.46): 1 Time(s)
> >      squid (61.185.220.46): 1 Time(s)
> >      sshd (61.185.220.46): 1 Time(s)
> >   Invalid Users:
> >      Unknown Account: 221 Time(s)
> >      Bad User: root: 1 Time(s)
> >   Sessions Opened:
> >      justin: 1 Time(s)
> > 
> ssh bob@<myIP>
> Stay the **** off my box!  Losers, you can't get in.  You're a bunch of
> script-kiddies that suckled on your momma too long.  If you think you're
> talented, then use it to do real hacking, like on Open Source Linux.
> Otherwise, take your noobie cracking ass back to school!
> 

What is really going to be funny is when someone ends up with a few
hundred thousand lines of firewall config and restarts their firewall
or reloads their box. I don't see where most people would benefit from a
slew of 32 bit length firewall rules. Now if it were smart enough to
block the entire ip block, preferably top registration, that would be
much more useful.

Be careful what you wish for, you might just get it.


Ted
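
The aggregation discussed above, as an added example that is not part of any message in this thread: it parses a logwatch sshd report in the format quoted earlier, sums authentication failures per source, and merges offenders into network-sized block rules instead of one rule per address. The function names, the threshold of 10 failures, the /24 width and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the logwatch sshd format quoted in this thread.
# Addresses come from the reserved documentation ranges, not real hosts.
SAMPLE = """\
sshd:
  Authentication Failures:
     root (192.0.2.46): 528 Time(s)
     unknown (192.0.2.46): 221 Time(s)
     mail (192.0.2.77): 30 Time(s)
     root (198.51.100.178): 1 Time(s)
     adm (203.0.113.9): 40 Time(s)
  Invalid Users:
     Unknown Account: 221 Time(s)
  Sessions Opened:
     justin: 1 Time(s)
"""

# "<user> (<source address>): <count> Time(s)"
ENTRY = re.compile(r"^\s+(\S+) \(([0-9a-fA-F.:]+)\): (\d+) Time\(s\)\s*$")

def failures_by_source(report):
    """Sum the 'Authentication Failures' counts per source address."""
    totals, in_section = Counter(), False
    for line in report.splitlines():
        stripped = line.strip()
        if stripped.endswith(":") and "(" not in stripped:  # section header
            in_section = stripped == "Authentication Failures:"
            continue
        m = ENTRY.match(line) if in_section else None
        if m:
            totals[ipaddress.ip_address(m.group(2))] += int(m.group(3))
    return totals

def block_list(totals, threshold=10, prefix=24):
    """Widen each IPv4 offender to a /prefix network and merge overlaps."""
    nets = [ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            for ip, n in totals.items() if n >= threshold and ip.version == 4]
    return list(ipaddress.collapse_addresses(nets))

def drop_rules(nets):
    """Render one iptables DROP rule per merged network."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in nets]

if __name__ == "__main__":
    print("\n".join(drop_rules(block_list(failures_by_source(SAMPLE)))))
```

A fixed /24 is only a stand-in for the registered allocation, which would have to come from a registry lookup, and a wider prefix also blocks every legitimate user in that range.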
