[CentOS] Intrusion Attempt Prevention - iptables problems
Steve Huff
shuff at vecna.org
Mon Jan 12 20:45:56 UTC 2009
On Jan 12, 2009, at 3:24 PM, James B. Byrne wrote:
> It is evident that this attacker had more than one netblock available. It is conceivable that, instead of serially attacking us, they could just have easily attempted multiple simultaneous connections from all of their available IP addresses. This would completely defeat the current throttle rules. Should I also throttle the total number of new connections from all IPs?
You might be better served by adding an additional layer of defense, e.g. denyhosts (which you can get from Dag). It's pretty good at deflecting brute-force attacks, especially if you enable synchronization mode in order to learn about hostile IPs before they hit you. Initial setup should be a matter of minutes, I'd expect.
A useful trick to keep your hosts.deny file from growing to massive size is to use the hosts.evil include mechanism:
Can I use a non-standard hosts.deny file? (http://denyhosts.sourceforge.net/faq.html#2_6)
-steve
--
If this were played upon a stage now, I could condemn it as an
improbable fiction. - Fabian, Twelfth Night, III,v
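As an added illustration of the per-IP versus aggregate throttling question raised in the quoted message (example code, not from the thread and not part of DenyHosts), the script below scans constructed sshd log lines, flags a single address that exceeds a per-IP failure threshold, separately flags a burst of failures spread across many addresses within a time window, and renders the result as tcp_wrappers hosts.deny entries. The log lines, thresholds and window are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log excerpt: one noisy host, then a burst spread over five addresses.
SAMPLE_LOG = """\
Jan 12 15:20:01 gw sshd[1001]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Jan 12 15:20:03 gw sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 40113 ssh2
Jan 12 15:20:04 gw sshd[1003]: Failed password for root from 198.51.100.7 port 40114 ssh2
Jan 12 15:20:05 gw sshd[1004]: Failed password for root from 198.51.100.7 port 40115 ssh2
Jan 12 15:20:06 gw sshd[1005]: Failed password for root from 203.0.113.10 port 51001 ssh2
Jan 12 15:20:06 gw sshd[1006]: Failed password for root from 203.0.113.11 port 51002 ssh2
Jan 12 15:20:07 gw sshd[1007]: Failed password for root from 203.0.113.12 port 51003 ssh2
Jan 12 15:20:07 gw sshd[1008]: Failed password for root from 203.0.113.13 port 51004 ssh2
Jan 12 15:20:08 gw sshd[1009]: Failed password for root from 203.0.113.14 port 51005 ssh2
Jan 12 15:20:09 gw sshd[1010]: Accepted publickey for steve from 192.0.2.5 port 2222 ssh2
"""

FAILED_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from "
    r"(\d+\.\d+\.\d+\.\d+) port")

def parse_failures(log_text, year=2009):
    """Return a list of (timestamp, source_ip) for every failed-password line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # syslog lines carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return events

def find_offenders(events, per_ip_limit=3, total_limit=5, window_sec=60):
    """Per-IP threshold catches one noisy host; the aggregate sliding-window
    threshold catches many hosts each staying under the per-IP limit.
    Returns (noisy_ips, ips_seen_in_any_over-limit_window)."""
    events = sorted(events)
    per_ip = defaultdict(int)
    for _, ip in events:
        per_ip[ip] += 1
    noisy = {ip for ip, n in per_ip.items() if n >= per_ip_limit}
    distributed, start = set(), 0
    for end in range(len(events)):
        while (events[end][0] - events[start][0]).total_seconds() > window_sec:
            start += 1  # slide the window forward until it fits
        if end - start + 1 >= total_limit:
            distributed.update(ip for _, ip in events[start:end + 1])
    return noisy, distributed

def hosts_deny_lines(ips):
    """Render addresses in the tcp_wrappers hosts.deny form DenyHosts also writes."""
    return [f"sshd: {ip}" for ip in sorted(ips)]
```

The aggregate set deliberately includes every address seen inside an over-limit window, which is exactly the collateral-damage trade-off the quoted question points at: a legitimate user who mistypes a password during a distributed burst lands in the same bucket.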