[CentOS] Paranoid Firewalling
Scot L. Harris
webid at cfl.rr.com
Wed Sep 7 00:50:47 UTC 2005
On Tue, 2005-09-06 at 20:16, Maciej Żenczykowski wrote:
> Instead of keeping the ssh port open, use something like the following:
>
> -A INPUT -p tcp --dport SECRETPORT# -m recent --set
> -A INPUT -p tcp --dport ssh -m state --state NEW -m recent --update
> --seconds 43200 -j ACCEPT
>
> and then before ssh'ing in from outside telnet the SECRETPORT# on the
> machine in order to open the ssh port for the next 12 hours.
> Gets rid of script kiddies.

Or just move the ssh port to another port number. I also got tired of all the log file activity. Moved ssh to another port and have not seen any of that traffic since then.
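The following is an added example, not part of either message: a small Python model of how the two quoted `recent` rules treat NEW TCP packets, following the `--set` and `--update --seconds` semantics described in the iptables-extensions man page. The port number 40022 (standing in for SECRETPORT#), the addresses and all function and class names are constructed for illustration.

```python
# Toy model of the two quoted rules; this is not iptables code.
SECRET_PORT = 40022   # constructed stand-in for SECRETPORT#
SSH_PORT = 22
WINDOW = 43200        # --seconds 43200 (12 hours)


class RecentList:
    """Per-source 'last seen' table, as kept by the `recent` match."""

    def __init__(self):
        self.last_seen = {}

    def set(self, src, now):
        # --set: add the source address, or refresh its timestamp.
        self.last_seen[src] = now

    def update(self, src, now, seconds):
        # --update --seconds N: match only if the address was seen within
        # the last N seconds; on a match, refresh its timestamp.
        seen = self.last_seen.get(src)
        if seen is None or now - seen >= seconds:
            return False
        self.last_seen[src] = now
        return True


def filter_new_tcp(recent, src, dport, now):
    """Verdict of the two rules for one NEW TCP packet."""
    if dport == SECRET_PORT:
        recent.set(src, now)      # rule 1 has no -j target: it only records
        return "CONTINUE"
    if dport == SSH_PORT and recent.update(src, now, WINDOW):
        return "ACCEPT"           # rule 2
    return "CONTINUE"             # left to later rules or the chain policy


def replay(events):
    recent = RecentList()
    return [filter_new_tcp(recent, src, port, t) for (t, src, port) in events]


# Constructed traffic: (seconds since start, source address, destination port)
EVENTS = [
    (0, "198.51.100.7", SSH_PORT),        # no knock yet
    (10, "198.51.100.7", SECRET_PORT),    # knock: source recorded
    (20, "198.51.100.7", SSH_PORT),       # within the window
    (30, "203.0.113.9", SSH_PORT),        # different source, never knocked
    (40000, "198.51.100.7", SSH_PORT),    # still within the window
    (80000, "198.51.100.7", SSH_PORT),    # 40000 s after the last match
    (130000, "198.51.100.7", SSH_PORT),   # 50000 s after the last match
]
```

In this model the entry is keyed only on the source address, and each accepted ssh connection refreshes the timestamp, so the window runs from the most recent match.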