On Sun 30 Mar 2008 03:39:11 NZDT +1300, Per Jessen wrote:
> If you're on a LAN, you don't really need a firewall, do you?

You're doing my trick: post well after bedtime.

> I don't use the openSUSE firewall

That's where your problem starts getting big quickly.

> , but setting up a rate-check is only 3 iptables entries.
>
> iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
> iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --update --seconds 60 --hitcount 6 -j LOG --log-prefix 'SSH attack: '
> iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --update --seconds 60 --hitcount 6 -j REJECT
You can't be seriously suggesting a non-tech user of opensuse employ this method. I am somewhat technically capable, but not stupid enough to roll my own iptables when SuSEfirewall2 does the trick (and with yast support and very good system integration), so the above will have to be integrated. I would like to suggest that rate limiting like the above be added to SuSEfirewall2 though and enabled by default with home-user / desktop-suitable limits. On all services which are liable to a brute-force attack.

In my earlier post suggesting the use of ssh rate limiting I was thinking of doing this by changing sshd_config.

Volker

-- 
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/
Please do not CC list postings to me.

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org
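One way to integrate the rate check into SuSEfirewall2 rather than running loose iptables commands is to put the rules into SuSEfirewall2's custom-rules hook file. This is an added example, not code from the thread or from the SuSEfirewall2 project; it assumes the custom hook file /etc/sysconfig/scripts/SuSEfirewall2-custom (enabled through FW_CUSTOMRULES in /etc/sysconfig/SuSEfirewall2) and its fw_custom_before_port_handling hook, and the port list and thresholds are illustrative choices.

```shell
# Added example: drop-in for /etc/sysconfig/scripts/SuSEfirewall2-custom.
# Enable it with FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
# in /etc/sysconfig/SuSEfirewall2. The file is sourced, so it only defines
# functions. Hook name, port list and thresholds are assumptions.
IPTABLES=${IPTABLES:-iptables}   # set IPTABLES=echo to dry-run the rules

# Per-source rate check for one TCP port using the 'recent' match:
# more than $3 new connections (SYNs) from one address within $2 seconds
# are logged and rejected. Arguments: port, window in seconds, hit count.
ratelimit_tcp_port() {
    port=$1; window=$2; hits=$3
    list="ratelimit_$port"           # one recent-list per port
    "$IPTABLES" -A INPUT -p tcp --syn --dport "$port" \
        -m recent --name "$list" --set
    "$IPTABLES" -A INPUT -p tcp --syn --dport "$port" \
        -m recent --name "$list" --update --seconds "$window" --hitcount "$hits" \
        -j LOG --log-prefix "ratelimit $port: "
    "$IPTABLES" -A INPUT -p tcp --syn --dport "$port" \
        -m recent --name "$list" --update --seconds "$window" --hitcount "$hits" \
        -j REJECT
}

# SuSEfirewall2 runs this hook before it installs the FW_SERVICES_* accept
# rules, so the rate check is evaluated before the open-port rules.
fw_custom_before_port_handling() {
    # services liable to password brute force: ssh, ftp, pop3, imap
    # (assumed list); 6 SYNs per 60 s per source, as in the thread
    for p in 22 21 110 143; do
        ratelimit_tcp_port "$p" 60 6
    done
    true
}
```

Because every rule is appended under the one `--name` list for its port, the REJECT rule only fires after the LOG rule has already written a line, so the log shows each blocked source once per excess SYN.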