[CentOS] Is there an openssh security problem?
Coert Waagmeester
lgroups at waagmeester.co.za
Fri Jul 10 10:09:12 UTC 2009
On Thu, 2009-07-09 at 15:18 -0700, Bill Campbell wrote:
> This appeared today on Macworld, an article saying this is
> probably a hoax:
>
> http://www.macworld.com/article/141628/2009/07/openssh_securityhoax.html?lsrc=rss_main
>
> Bill
In my iptables setup I have the following rule: (excuse the ugly line
breaks)
/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
--dport 22 -m state -m recent --state NEW --update --seconds 15 -j \
DROPLOG
/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
--dport 22 -m state -m recent --state NEW --set -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \
--dport 22 -m state --state ESTABLISHED --state RELATED -j ACCEPT
it only allows one NEW connection to ssh per minute.
That is also a good protection right?
Regards,
Coert
More information about the CentOS
mailing list