[CentOS] Paranoid Firewalling
Kirk Bocek
t004 at kbocek.com
Tue Sep 6 18:33:56 UTC 2005
Scot L. Harris wrote:
> Actually this won't reduce any bandwidth to your server. The probes
> still hit that address, you are just blocking those packets in iptables
> from being able to get any further.
Are you saying that the single connect-and-drop that this scheme introduces is going
to use the same bandwidth as a brute-force password attack on hundreds of login names?
> If you could implement this further up the line then you could reduce
> traffic to your servers.
Sure, that would be good. <SARCASM> Do you think I can get SBC to implement custom
filtering for our DSL? </SARCASM> ;)
> Putting a blanket deny on traffic from specific IP ranges is effective
> if attacks are coming from those ranges. The problem is that hackers
> will typically want to use an intermediate site to launch an actual
> attack from. This makes it harder to trace the actual source of the
> attack. At least good hackers do this. Script kiddies don't know to do
> this.
If you read the article, you'll see that the author suggests that the traffic is
probably coming from zombied personal machines in the far east occurring as a result
of a lack of security knowledge and awareness in those new to the net.
I don't expect this to be perfect, just an additional step to protect my servers.
Kirk Bocek