On Sun, Jul 16, 2006 at 03:33:18PM +0200, Christian Boltz wrote:
> Hello,
>
> On Sunday, 16 July 2006 12:24, houghi wrote:
> > As most people know, sshd attacks are very common. Also there are
> > various tools out there that can be used to block these attacks.
> [...]
> > It should be something that does not run with cron, as it is too slow
> > to run only each minute.
>
> The ipt_recent module can do this job without adding a new package:
> https://bugzilla.novell.com/show_bug.cgi?id=104602
>
> The only problem with this: it will also block IPs that legally open
> more than the allowed number of SSH connections per minute - but I
> don't consider this a real problem, who needs more than 5 [1] new SSH
> connections per minute? ;-)

Most users will indeed not need more than 5 new SSH connections per minute
from the same IP. And if they do, then most likely they have some
experience with sshd servers and should be able to figure things out
themselves after turning off ipt_recent.

I have not enough experience in these things to know whether or not
blocking IPs at that level is unwanted. Perhaps for SLED or SLES it is.

The advantage of e.g. blockhosts is that it is much easier to configure.
All you need to do is edit /etc/hosts.allow

It is always good to have alternatives to look at and then decide what is
the best way to go. What has the least disadvantages. We agree luckily that
something should be done by default when sshd is running.

Talking about sshd, is there a reason that ssh 1 is still active as well
by default? (or has that changed?)

--
From the day the male foetus' hands grow long enough to grasp at their 'third
leg', until the man in question is dead and buried, the penis is a constant
source of amusement and amazement to those of the male gender.
http://www.bbc.co.uk/dna/h2g2/A219061
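
The ipt_recent rate limit discussed in this thread, as an added example that is not part of the original messages or of the linked bug report. It assumes sshd on TCP port 22 and a 60-second window; the chain name SSH_LIMIT and the list name sshnew are hypothetical.

```shell
#!/bin/sh
# Added example: per-source rate limit for new SSH connections using the
# iptables "recent" match (ipt_recent). Not taken from the thread.
# Assumed names: chain SSH_LIMIT, recent list sshnew.
IPT="${IPT:-iptables}"   # IPT="echo iptables" prints the rules instead of applying them

# ssh_ratelimit PORT SECONDS MAX_NEW
# Allow at most MAX_NEW new connections per source IP within SECONDS.
ssh_ratelimit() {
    port="$1"; seconds="$2"; max_new="$3"
    # --hitcount matches when hits >= value, and the connection being
    # evaluated has already been counted by --set, so drop at max_new + 1.
    hits=$((max_new + 1))

    # Separate chain: easy to flush or remove without touching other rules.
    $IPT -N SSH_LIMIT || return 1
    # Only new connection attempts are counted; established sessions
    # never enter the chain.
    $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j SSH_LIMIT || return 1
    # Record the source address of every new connection attempt.
    $IPT -A SSH_LIMIT -m recent --name sshnew --set || return 1
    # Log sources over the limit (rate-limited so the log cannot be flooded).
    # --rcheck tests the list without adding another timestamp.
    $IPT -A SSH_LIMIT -m recent --name sshnew --rcheck --seconds "$seconds" \
        --hitcount "$hits" -m limit --limit 6/min \
        -j LOG --log-prefix "ssh-ratelimit: " || return 1
    # Drop sources over the limit. --update refreshes the timestamp on every
    # match, so a client that keeps retrying stays blocked.
    $IPT -A SSH_LIMIT -m recent --name sshnew --update --seconds "$seconds" \
        --hitcount "$hits" -j DROP || return 1
}

# Example call (as root): ssh_ratelimit 22 60 5
```

Run it with IPT="echo iptables" first to review the generated rules. The addresses currently tracked can be read from /proc/net/ipt_recent/sshnew (/proc/net/xt_recent/sshnew on newer kernels), which is where to look when a legitimate client has been locked out.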