Coert Waagmeester wrote: > On Thu, 2009-07-09 at 15:18 -0700, Bill Campbell wrote: > >> This appeared today on Macworld, an article saying this is >> probably a hoax: >> >> http://www.macworld.com/article/141628/2009/07/openssh_securityhoax.html?lsrc=rss_main >> >> Bill >> > > In my iptables setup I have the following rule: (excuse the ugly line > breaks) > > /sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \ > --dport 22 -m state -m recent --state NEW --update --seconds 15 -j \ > DROPLOG > > /sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \ > --dport 22 -m state -m recent --state NEW --set -j ACCEPT > > /sbin/iptables -A INPUT -i eth0 -p tcp -s 196.1.1.0/24 -d 196.1.1.31 \ > --dport 22 -m state --state ESTABLISHED --state RELATED -j ACCEPT > > it only allows one NEW connection to ssh per minute. > > That is also a good protection right? > > > Regards, > Coert > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > Not really protection - rather a deterrent - it just makes it slower for the script kiddies that try brute force attacks - they have to pace themselves to one try per minute rather than one or two per second. Thus they normally move on to an easier target. You can also use iptables to allow say four attempts from an IP and then block for 5 or more minutes - this is what I use. HTH Rob -------------- next part -------------- A non-text attachment was scrubbed... Name: rkampen.vcf Type: text/x-vcard Size: 196 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20090710/764cb217/attachment-0005.vcf>