Coert Waagmeester wrote:
On Thu, 2009-07-09 at 15:18 -0700, Bill Campbell wrote:
This appeared today on Macworld, an article saying this is probably a hoax:
http://www.macworld.com/article/141628/2009/07/openssh_securityhoax.html?lsr...
Bill
In my iptables setup I have the following rule: (excuse the ugly line breaks)
/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \ --dport 22 -m state -m recent --state NEW --update --seconds 15 -j \ DROPLOG
/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \ --dport 22 -m state -m recent --state NEW --set -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \ --dport 22 -m state --state ESTABLISHED --state RELATED -j ACCEPT
it only allows one NEW connection to ssh per minute.
That is also a good protection right?
Regards, Coert
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Not really protection - rather a deterrent - it just makes it slower for the script kiddies that try brute force attacks - they have to pace themselves to one try per minute rather than one or two per second. Thus they normally move on to an easier target. You can also use iptables to allow say four attempts from an IP and then block for 5 or more minutes - this is what I use. HTH Rob