On Wed, Feb 27, 2008 at 10:39:15PM +0100, Penguin Lover Anno v. Heimburg
squawked:
> It limits the number of new connections on each port in
> INPUT_LIMITER_TCPPORTS from any individual host to INPUT_LIMITER_COUNT
> within INPUT_LIMITER_TIME.
My experience suggests that finding the right INPUT_LI
On Thu, Feb 28, 2008 at 11:13:10AM +, Penguin Lover Steve squawked:
> Thanks for all your suggestions...
>
> I will look into fail2ban... that might be what I need... While I could
> crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this
> (AFAIK) will not persist blocks whe
Thanks for all your suggestions...
I will look into fail2ban... that might be what I need... While I could
crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this
(AFAIK) will not persist blocks when the server is powered down or rebooted.
I need to retain port 22 and can't ea
On Wednesday 27 February 2008, Remy Blank wrote:
> Steve wrote:
> > I'm one of the (many) people who has opportunists trying usernames
> > and passwords against SSH... while every effort has been made to
> > secure this service by configuration; strong passwords; no root
> > login remotely etc. I
On Wed, 2008-02-27 at 21:24 +0100, Remy Blank wrote:
> A simple solution is to run sshd on a
> non-standard, high-numbered port, e.g. in the 30'000. Bots only ever try
> to connect on port 22. This will *not* improve the protection of your
> server, but it will avoid having your logs spammed.
Justin wrote:
> Try fail2ban
Alternatively, you can use the builtin iptables connection rate limiter.
Excerpt from my home-grown firewall script:
for port in $INPUT_LIMITER_TCPPORTS; do
    $IPT_IN -p tcp --dport $port -m state --state NEW -m \
        recent --name "limit-${port}" --
Steve wrote:
I'm one of the (many) people who has opportunists trying usernames and
passwords against SSH... while every effort has been made to secure this
service by configuration; strong passwords; no root login remotely etc.
I would still prefer to block sites using obvious dictionary atta
Sorry here's the link I should have posted:
http://www.cipherdyne.org/fwknop/
--
gentoo-user@lists.gentoo.org mailing list
Steve wrote:
I can't believe that I'm the only person with this, so it's probably
worth asking.
I'm one of the (many) people who has opportunists trying usernames and
passwords against SSH... while every effort has been made to secure this
service by configuration; strong passwords; no root l