On 7/1/05, Marius Mertens <marius.mertens@xxxxxx> wrote:

> Add a host to a special whitelist after doing something special, like
> connecting to a certain port, which would lower the risk of a DOS (they can
> still try, but you can override it)

I've been considering this too. It's actually a simple form of port knocking that can be implemented exclusively in iptables (without the need of extra tools). The primary goal of port knocking is to foil port scans, but it could be applicable here.

To protect against DoS, is there any easy way of requiring that three packets be transferred in an SSH connection before it triggers a recent update? Since someone spoofing source IPs to DoS would be unlikely to continue the connection with the server, such DoS attacks might be foiled more effectively this way than using rttl (which the attacker can just exhaustively try all values for).
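One way to express the "three packets before the recent update" idea in plain iptables, as an added example that is not part of the thread: the `recent --set` rule is gated on the connbytes match so it fires only on the client's third packet of a connection (SYN, ACK, first data), which a spoofed source never sends. The list name `sshguard`, the 4-in-60s limit and the availability of the connbytes match are assumptions; the script prints the rules unless APPLY=1 is set.

```bash
#!/bin/sh
# Added example: count an SSH source in the "recent" list only once its
# connection has reached the third client packet, so spoofed SYNs never
# reach the --set rule. Assumes the connbytes match is available.
# Without APPLY=1 the rules are printed instead of loaded.

ipt() {
    if [ -n "$APPLY" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

ssh_guard_rules() {
    # 1. A new SSH connection from a source already counted 4 times in the
    #    last 60 s is dropped at the SYN, before anything else happens.
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m recent --name sshguard --rcheck --seconds 60 --hitcount 4 -j DROP
    # 2. Any other SYN is let in, so the handshake can proceed.
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # 3. The third packet in the client->server direction exists only if the
    #    client completed the handshake, so a spoofed source never triggers
    #    --set. No -j: the rule updates the list and falls through.
    ipt -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED \
        -m connbytes --connbytes 3:3 --connbytes-dir original \
        --connbytes-mode packets -m recent --name sshguard --set
    # 4. Everything else belonging to an accepted SSH connection.
    ipt -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
}

ssh_guard_rules
```

Each completed connection is counted exactly once, so the fourth SYN from the same address within 60 seconds is refused while a flood of spoofed SYNs leaves the list untouched.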