On 2012/05/04 23:42, Reindl Harald wrote:
On 05.05.2012 02:31, jdow wrote:
I don't know nessus. I am guessing that "-n 1000" part means 1000 trials
and it's running as fast as it can go. The idea is to test up to your
DDOS limit, wait 2 seconds, repeat. Can the test be hacked to keep your
sy
On 05.05.2012 02:31, jdow wrote:
>>> I don't know nessus. I am guessing that "-n 1000" part means 1000 trials
>>> and it's running as fast as it can go. The idea is to test up to your
>>> DDOS limit, wait 2 seconds, repeat. Can the test be hacked to keep your
>>> system at its limit but not ove
On 2012/05/04 15:42, Reindl Harald wrote:
On 05.05.2012 00:31, jdow wrote:
with 75 instead of 100 even a "ab -c 4 -n 1000" is completely
broken from outside the own network because "apache benchmark"
thinks the host is dead after 83 connections and stops due to too
many errors - well, i guess e
On 05.05.2012 00:31, jdow wrote:
>> with 75 instead of 100 even a "ab -c 4 -n 1000" is completely
>> broken from outside the own network because "apache benchmark"
>> thinks the host is dead after 83 connections and stops due to too
>> many errors - well, i guess exactly that is the problem for
>>
On 2012/05/04 02:57, Reindl Harald wrote:
On 04.05.2012 11:37, jdow wrote:
But, then, I note your setting with --recent is not nearly as stringent as
mine. Any given address gets one connection per minute to ssh. That VASTLY
slows down dictionary attacks. Yours is a significant slow down; bu
On 04.05.2012 11:37, jdow wrote:
> But, then, I note your setting with --recent is not nearly as stringent as
> mine. Any given address gets one connection per minute to ssh. That VASTLY
> slows down dictionary attacks. Yours is a significant slow down; but, not
> so much that somebody could no
On 2012/05/04 01:15, Reindl Harald wrote:
On 04.05.2012 03:10, jdow wrote:
On 2012/05/03 10:57, Reindl Harald wrote:
On 03.05.2012 19:46, Paul W. Frields wrote:
On Thu, May 03, 2012 at 04:21:20PM +0200, Reindl Harald wrote:
iptables -I INPUT -p tcp -i eth0 ! -s $LOCAL_NETWORK -m state
On 04.05.2012 03:10, jdow wrote:
> On 2012/05/03 10:57, Reindl Harald wrote:
>>
>> On 03.05.2012 19:46, Paul W. Frields wrote:
>>> On Thu, May 03, 2012 at 04:21:20PM +0200, Reindl Harald wrote:
iptables -I INPUT -p tcp -i eth0 ! -s $LOCAL_NETWORK -m state --state NEW
-m recent --se
On 2012/05/03 10:57, Reindl Harald wrote:
On 03.05.2012 19:46, Paul W. Frields wrote:
On Thu, May 03, 2012 at 04:21:20PM +0200, Reindl Harald wrote:
is there any way to specify here more than one source-address
(the usual comma-separated way does not work in this context)
a complete ACCEPT
On 03.05.2012 19:46, Paul W. Frields wrote:
> On Thu, May 03, 2012 at 04:21:20PM +0200, Reindl Harald wrote:
>> is there any way to specify here more than one source-address
>> (the usual comma-separated way does not work in this context)
>>
>> a complete ACCEPT before is no solution because it
On Thu, May 03, 2012 at 04:21:20PM +0200, Reindl Harald wrote:
> is there any way to specify here more than one source-address
> (the usual comma-separated way does not work in this context)
>
> a complete ACCEPT before is no solution because it would bypass
> any selective ACCEPT-rule
>
> iptabl
is there any way to specify here more than one source-address
(the usual comma-separated way does not work in this context)
a complete ACCEPT before is no solution because it would bypass
any selective ACCEPT-rule
iptables -I INPUT -p tcp -i eth0 ! -s $LOCAL_NETWORK -m state --state NEW -m
recen