On Monday 16 July 2007, Richard Creighton wrote:
> The log excerpt was despite a setting of:
>
> FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=300,recentname=ssh"

I don't believe you had that in there correctly, because if you look at the 
times there were cases where there were 5 hits in the time period.

In any case, your time period and counts are too high.
5 is too many.  
3 is about right.
5 minutes is too long. 
1 minute is about right.

3 bad attempts within a minute would then get them blocked for a minute
and that will persist as long as they keep trying.  Since I've done this on
all my servers I see virtually no ssh attacks.


-- 
_____________________________________
John Andersen
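
A simplified model of the hitcount/blockseconds limit discussed in this message, added here as an example; it is not part of the original post and not SuSEfirewall2's own code. It assumes a per-source sliding window in which dropped attempts also count as hits; `simulate`, `accepted` and the sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

def simulate(attempts, hitcount, blockseconds):
    """Return (timestamp, source, verdict) for each new connection attempt.

    attempts: (timestamp_seconds, source_ip) tuples sorted by time.
    Model assumption: per source, the first `hitcount` attempts inside a
    `blockseconds` window are accepted and later ones are dropped.
    """
    seen = defaultdict(deque)  # source -> timestamps still inside the window
    results = []
    for ts, src in attempts:
        stamps = seen[src]
        while stamps and ts - stamps[0] > blockseconds:
            stamps.popleft()  # too old to count against this source
        verdict = "DROP" if len(stamps) >= hitcount else "ACCEPT"
        # Assumption: a dropped attempt is recorded as a hit too, so a source
        # that keeps hammering never lets its own window drain.
        stamps.append(ts)
        results.append((ts, src, verdict))
    return results

def accepted(results):
    """Number of attempts that reached the service."""
    return sum(1 for _, _, verdict in results if verdict == "ACCEPT")

# Constructed sample traffic (documentation addresses, not real hosts).
SCANNER = [(t, "203.0.113.7") for t in range(0, 600, 10)]  # every 10 s for 10 min
TYPO_USER = [(t, "198.51.100.20") for t in (0, 10, 20, 30, 100)]

if __name__ == "__main__":
    for hitcount, blockseconds in ((5, 300), (3, 60)):
        res = simulate(SCANNER, hitcount, blockseconds)
        print(f"hitcount={hitcount} blockseconds={blockseconds}: "
              f"{accepted(res)} of {len(res)} scanner attempts accepted")
    for ts, src, verdict in simulate(TYPO_USER, 3, 60):
        print(f"t={ts:>3}s {src} {verdict}")
```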