[CentOS] Paranoid Firewalling
t004 at kbocek.com
Tue Sep 6 18:33:56 UTC 2005
Scot L. Harris wrote:
> Actually this won't reduce any bandwidth to your server. The probes
> still hit that address, you are just blocking those packets in iptables
> from being able to get any further.
Are you saying that the single connect-and-drop that this scheme introduces is going
to use the same bandwidth as a brute-force password attack on hundreds of login names?
> If you could implement this further up the line then you could reduce
> traffic to your servers.
Sure, that would be good. <SARCASM> Do you think I can get SBC to implement custom
filtering for our DSL? </SARCASM> ;)
> Putting a blanket deny on traffic from specific IP ranges is effective
> if attacks are coming from those ranges. The problem is that hackers
> will typically want to use an intermediate site to launch an actual
> attack from. This makes it harder to trace the actual source of the
> attack. At least good hackers do this. Script kiddies don't know to do
If you read the article, you'll see that the author suggests that the traffic is
probably coming from zombied personal machines in the far east occurring as a result
of a lack of security knowledge and awareness in those new to the net.
I don't expect this to be perfect, just an additional step to protect my servers.