Re: SSH Brute force attacks

Why is this update here (see below)?

$ipt -A SSH_Brute_Force -m recent --name SSH --update

Every time a packet passes the --set rule it updates SSH. So if I drop this rule, nothing changes. Or am I wrong? Is there any idea behind this that I missed?

The "--set" rule is required because in the testing that I did the "--update" rule would not effectively do the same thing as "--set", because there was no initial "--set" to be updated. It's sort of a chicken-and-egg problem where you cannot successfully have one without having the other in this scenario. The only drawback to having the "--set" that I'm aware of is that the hit count is incremented once per "--set" and "--update", thus you have to double the "--hitcount" value that you want to match against.



Grant. . . .
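
A simplified Python model of the hit counting described in the reply above, added here as an illustration; it is not part of the original message and is not netfilter code. The chain layout (a `--set` rule, then the bare `--update` rule, then an assumed final check with `--seconds 60 --hitcount N`), the class and function names, and the source address are assumptions.

```python
# Simplified model of one "recent" list (such as --name SSH); not netfilter code.
# Assumption: every --set traversal and every *matching* --update stores one
# timestamp for the source address, while --rcheck only reads the list.
class RecentList:
    def __init__(self):
        self.stamps = {}  # source IP -> list of timestamps (seconds)

    def _matches(self, src, now, seconds, hitcount):
        if src not in self.stamps:
            return False  # no entry yet: nothing to check or update
        seen = [t for t in self.stamps[src] if not seconds or now - t <= seconds]
        return len(seen) >= max(hitcount, 1)

    def set(self, src, now):
        self.stamps.setdefault(src, []).append(now)
        return True

    def update(self, src, now, seconds=0, hitcount=0):
        matched = self._matches(src, now, seconds, hitcount)
        if matched:
            self.stamps[src].append(now)  # a matching --update adds a stamp too
        return matched

    def rcheck(self, src, now, seconds=0, hitcount=0):
        return self._matches(src, now, seconds, hitcount)


def first_blocked_attempt(hitcount, with_update_rule, attempts=20):
    """Return the 1-based connection attempt at which the final check matches."""
    recent = RecentList()
    src = "192.0.2.10"  # constructed source address (documentation range)
    for n in range(1, attempts + 1):
        now = n  # constructed traffic: one new SSH connection per second
        recent.set(src, now)                 # --set rule
        if with_update_rule:
            recent.update(src, now)          # the bare --update rule from the thread
        # Assumed final rule: --rcheck --seconds 60 --hitcount N (then drop)
        if recent.rcheck(src, now, seconds=60, hitcount=hitcount):
            return n
    return None


if __name__ == "__main__":
    for hc in (4, 8):
        print(hc, first_blocked_attempt(hc, True), first_blocked_attempt(hc, False))
```

In this model, with both rules in the chain a source is stopped at its fourth connection only when the final check uses a hit count of 8.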

