[CentOS] Intrusion Attempt Prevension - iptables problems
Steve Huff
shuff at vecna.org
Mon Jan 12 20:45:56 UTC 2009
On Jan 12, 2009, at 3:24 PM, James B. Byrne wrote:

> It is evident that this attacker had more than one netblock available. It is conceivable that, instead of serially attacking us, they could just have easily attempted multiple simultaneous connections from all of their available IP addresses. This would completely defeat the current throttle rules. Should I also throttle the total number of new connections from all IPs?

you might be better served by adding an additional layer of defense e.g. denyhosts (which you can get from Dag). it's pretty good at deflecting brute-force attacks, especially if you enable synchronization mode in order to learn about hostile IPs before they hit you. initial setup should be a matter of minutes, i'd expect.

a useful trick to keep your hosts.deny file from growing to massive size is to use the hosts.evil include mechanism: Can I use a non-standard hosts.deny file? (http://denyhosts.sourceforge.net/faq.html#2_6 )

-steve

-- 
If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v
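To show the kind of log-driven blocking the reply is recommending, here is an added example that is not part of the original thread and is not DenyHosts' own code: a small POSIX shell function that counts failed sshd password attempts per source IP in an auth log and emits the offenders in tcp_wrappers `hosts.deny` syntax. The log lines and IP addresses are constructed for the example, and the threshold of 3 is an arbitrary choice.

```shell
#!/bin/sh
# Added example, not from the original post or from DenyHosts.
# Imitates the core of what a DenyHosts-style tool does: scan an sshd
# log, count "Failed password" lines per source IP, and print the IPs at
# or above a threshold as tcp_wrappers deny entries.

# Constructed sample log (not real traffic): one IP fails four times,
# another fails once, and a successful key login should be ignored.
SAMPLE_LOG=$(cat <<'EOF'
Jan 12 15:01:02 host sshd[2001]: Failed password for invalid user admin from 192.0.2.10 port 41022 ssh2
Jan 12 15:01:05 host sshd[2002]: Failed password for root from 192.0.2.10 port 41023 ssh2
Jan 12 15:01:07 host sshd[2003]: Accepted publickey for steve from 203.0.113.5 port 5022 ssh2
Jan 12 15:01:09 host sshd[2004]: Failed password for invalid user test from 198.51.100.7 port 53011 ssh2
Jan 12 15:01:11 host sshd[2005]: Failed password for invalid user oracle from 192.0.2.10 port 41024 ssh2
Jan 12 15:01:14 host sshd[2006]: Failed password for root from 192.0.2.10 port 41025 ssh2
EOF
)

# offenders THRESHOLD LOG_TEXT
# Prints one "sshd: <ip>" line per source IP with >= THRESHOLD failures,
# sorted so the output is deterministic.
offenders() {
    threshold=$1
    shift
    printf '%s\n' "$1" | awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password/ {
            # the source address is the token after "from"
            for (i = 1; i <= NF; i++)
                if ($i == "from") { fails[$(i + 1)]++ }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= t) print "sshd: " ip
        }
    ' | sort
}

# Stand-alone run: with the sample above and a threshold of 3, only
# 192.0.2.10 is listed.
offenders 3 "$SAMPLE_LOG"
```

The output lines are in the format `hosts_access(5)` expects, so they could be collected in a separate file (the `hosts.evil` idea from the reply) and pulled in from `/etc/hosts.deny` with a file-name pattern such as `sshd: /etc/hosts.evil`, which is how tcp_wrappers treats a client pattern beginning with `/`; the exact setup for DenyHosts is in the FAQ entry linked above. A real tool would also expire old entries and consult the synchronization data the reply mentions, neither of which this sketch does.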