This is exactly why a higher level interface should be considered. If
you go about setting your own low level iptables rules then you would
also have the task of testing those rules.
I use shorewall and I've used firehol, both are good. Please consult
their results (the tables they generate) for
On 5 Feb 2013 17:52, Daniel Curtis sidetripp...@gmail.com wrote:
I've added a rule to my iptables script, which is responsible for
filtering --tcp-flags and INVALID state. After addition of this rule,
I've noticed that many IP addresses are trying to scan(?) my
computer, but it is not
On 5 Feb 2013 23:03, Bartek Krajnik bar...@bmk-it.com wrote:
Hi,
For ssh login attempts you can use program authfail (after 4 wrong login
attempts it adds proper IP to netfilter with DROP rule sending notification
to IP class owner from whois database).
It sounds a bit overkill.
Am I the
Hi,
For ssh login attempts you can use program authfail (after 4 wrong login
attempts it adds proper IP to netfilter with DROP rule sending notification to
IP class owner from whois database).
Jérémie Marguerie jere...@marguerie.org wrote:
On 5 Feb 2013 17:52, Daniel Curtis
On Tue, 2013-02-05 at 23:10 +, Jérémie Marguerie wrote:
On 5 Feb 2013 23:03, Bartek Krajnik bar...@bmk-it.com wrote:
Hi,
For ssh login attempts you can use program authfail (after 4 wrong
login attempts it adds proper IP to netfilter with DROP rule sending
notification to IP
If you want to be extra paranoid, hide your open ports with port knocking and
have your clients run from a script that knocks the proper sequence before
making the connection :-)
Jay
On Feb 5, 2013, at 19:10, Jérémie Marguerie jere...@marguerie.org wrote:
On 5 Feb 2013 23:03, Bartek
That, or just use OpenVPN.
On Tue, Feb 05, 2013 at 10:45:39PM +, Jérémie Marguerie wrote:
You'll be scanned, many times a day, you'll also be bruteforced and
however not normal, this is just noise.
See also http://en.wikipedia.org/wiki/Internet_background_radiation
That with openvpn ;-)
Jay
On Feb 5, 2013, at 19:33, Kees de Jong keesdej...@gmail.com wrote:
That, or just use OpenVPN.