[CentOS] iptables question

Wed Jun 18 01:57:30 UTC 2014
Warren Young <warren at etr-usa.com>

On 6/17/2014 19:35, Chuck Campbell wrote:
> I haven't done the load stats, but it appears
> to me that a hundred of these crackers hitting my machine at these rates is
> likely to deny my legit users some resources.

So increase the fail2ban time from the default (5 minutes, as I recall) 
to 1 hour, or 1 day.

> Besides, just because the odds are against you, sometimes luck is all it takes.

That sort of thinking is why governments have started to levy taxes on 
people who are bad at math.  (i.e. lotteries)

Some risks simply aren't worth worrying about.

Go play with the haystack calculator I linked from my previous email. 
If 8 random printable ASCII characters doesn't make you sleep well at 
night, make it nine.  Now the attack space is about 2 orders of 
magnitude larger.  If the risk with 8 was "sometime in my career, which 
cannot stand a single breach," the risk with 9 becomes "sometime after I 
have shuffled off this mortal coil."