[CentOS] Paranoid Firewalling

Ian mu mu.llamas at gmail.com
Sat Oct 8 20:00:02 UTC 2005


For the paranoid firewalling, do both? ;) (adjusting ports to match)

On 10/8/05, Scot L. Harris <webid at cfl.rr.com> wrote:
>
> On Sat, 2005-10-08 at 13:50, Sam Drinkard wrote:
> > Looking at that perl script gave me an idea, but yet a question. I
> > notice there is a line that says something about "Max Retries". Is that
> > something that is configurable somewhere, or can be turned on?
> >
> > I know there have been long discussions about blocking the brute force
> > attempts at breakins, but at the time I did not see much need for it.
> > Not long after that, I started seeing somewhere between 100 and as high
> > as 800 attempts to break in via the sshd. Not that I'm too worried
> > about someone guessing a password, but in those numbers, it does take
> > some bandwidth. I'd like to see something like Max Retries of 3, so if
> > someone tries 3 times to guess the password, or different usernames, it
> > would throw their IP/hostname into the /etc/hosts.deny file,
> > permanently. BSD does things a bit different, in that the hosts.allow
> > does both the allows and the denies, making hosts.deny pretty much
> > moot. Given those thoughts, what kind of something is available to do
> > just that -- the max retries thingy?
> >
>
> Would you not get the same or better results by moving the sshd port to
> something other than the default? Would not have to spend any resources
> on tracking IP addresses.
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos/attachments/20051008/151e4343/attachment.htm


More information about the CentOS mailing list