On Wednesday 16 Nov 2005 00:34, Jiann-Ming Su wrote:
> On 10/15/05, Ritesh Raj Sarraf <[EMAIL PROTECTED]> wrote:
> > ## SSH Bruteforce
> > iptables -N SSH_WHITELIST
> > iptables -A SSH_WHITELIST -s 10.0.1.0/24 -m recent --remove --name SSH -j ACCEPT
> > iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
> > iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
> > iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j denylog
>
> While this is the best solution I've seen as well, there are some
> issues with the "recent" module...
>
> http://lists.debian.org/debian-kernel/2005/10/msg00302.html
>
I haven't yet seen this behavior on my machines. It's been a month now that I've been using the "recent" module.

Regards,
rrs
-- 
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
"Stealing logic from one person is plagiarism, stealing from many is research."
"Necessity is the mother of invention."
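An added example, not part of the thread or written by its authors: a simplified Python model of how the quoted rule set treats NEW connections to port 22, following the documented behaviour of --set, --remove and --update. It assumes the rules are evaluated in the order quoted, ignores --rttl and the module's per-entry size limit, and uses constructed sample traffic; "pass" means the packet fell through to whatever rules follow.

```python
import ipaddress

WHITELIST = ipaddress.ip_network("10.0.1.0/24")  # -s value of the SSH_WHITELIST rule
SECONDS, HITCOUNT = 60, 4                        # --seconds / --hitcount of the --update rule

def simulate(attempts):
    """attempts: (seconds, source_ip) pairs for NEW tcp/22 packets, in time order.
    Returns one verdict per attempt: ACCEPT, denylog, or pass (fell through)."""
    recent = {}    # models the list named SSH: source -> timestamps recorded
    verdicts = []
    for now, src in attempts:
        # Rule 1 (--set): record the source; the rule has no target, so go on.
        recent.setdefault(src, []).append(now)
        # Rule 2 (SSH_WHITELIST): whitelisted sources leave the list and are accepted.
        if ipaddress.ip_address(src) in WHITELIST:
            recent.pop(src, None)
            verdicts.append("ACCEPT")
            continue
        # Rule 3 (--update): match when HITCOUNT or more stamps fall in the last SECONDS.
        hits = sum(1 for t in recent[src] if t > now - SECONDS)
        if hits >= HITCOUNT:
            recent[src].append(now)    # on a match, --update refreshes the entry
            verdicts.append("denylog")
        else:
            verdicts.append("pass")
    return verdicts

def by_source(attempts):
    """Group the verdicts per source address for easier reading."""
    out = {}
    for (_, src), verdict in zip(attempts, simulate(attempts)):
        out.setdefault(src, []).append(verdict)
    return out

# Constructed sample traffic (documentation address ranges, not from the thread).
SAMPLE = sorted(
    [(t, "203.0.113.5") for t in (0, 5, 10, 15, 20, 25, 200)]   # rapid retries, then a pause
    + [(t, "198.51.100.9") for t in (0, 30, 60, 90)]            # slow, steady client
    + [(t, "10.0.1.7") for t in (1, 2, 3, 4, 5)]                # whitelisted subnet
)

if __name__ == "__main__":
    for src, verdicts in by_source(SAMPLE).items():
        print(src, verdicts)
```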