On Mon, 2011-10-24 at 18:31 +0200, Reindl Harald wrote: > for portscans allow only 120 connections from the same ip per second > makes it really hard do a full port-scan because it longs forever and > aditionally webservers are proctected against a single dos-attack
120 per second seems overly generous. > try it with "ab -c 20 -n 100000 http://yourhost/"; and you will see Hmm, "ab"... Never go past *ix users for coming up with extremely abbreviated commands. > as you see security is never one setting and it is done and obscurity > as additional prevention is good and no overhead if someone knows to > handle his machines Yes/no... It's too easy to think being obscure protects you when it doesn't really. It only slightly shifts the goal posts. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
