[CentOS] iptables question
Warren Young
warren at etr-usa.com
Wed Jun 18 01:57:30 UTC 2014
On 6/17/2014 19:35, Chuck Campbell wrote:
> I haven't done the load stats, but it appears
> to me that a hundred of these crackers hitting my machine at these rates is
> likely to deny my legit users some resources.
So increase the fail2ban time from the default (5 minutes, as I recall)
to 1 hour, or 1 day.
> Besides, just because the odds are against you, sometimes luck is all it takes.
That sort of thinking is why governments have started to levy taxes on
people who are bad at math. (i.e. lotteries)
Some risks simply aren't worth worrying about.
Go play with the haystack calculator I linked from my previous email.
If 8 random printable ASCII characters doesn't make you sleep well at
night, make it nine. Now the attack space is about 2 orders of
magnitude larger. If the risk with 8 was "sometime in my career, which
cannot stand a single breach," the risk with 9 becomes "sometime after I
have shuffled off this mortal coil."
More information about the CentOS
mailing list