On Tuesday 17 July 2007, Richard Creighton wrote:
But in any event, I don't believe it's being honored.
Ok, it's safe to say you have rate limit installed and available
What I'm wondering is if it *is* being honored as far as the hacker is concerned, i.e., he is not getting past the 'DROP', but because of the LOG setting, I am still getting notice???? Does that seem plausible to you and if so, can you think of a way to test it?
You can test with any external ssh client (from the outside).

But if the logging shows up prefixed with sshd as yours does:

    Jul 17 00:38:27 raid5 sshd

Then you can be assured that the connection attempt DID get to the ssh daemon, and was NOT dropped. If it was dropped the sshd would never see these packets.

I suspect you will have to restart iptables somehow, if not by reboot then by iptables commands. (Shorewall does this for me so I don't know the base level syntax).

FWIW here is the pertinent part of the output from
/usr/sbin/iptables -L > iptables.txt

    Chain %Limit (1 references)
    target     prot opt source      destination
               0    --  anywhere    anywhere      recent: SET name: SSHA side: source
    %Limit%    0    --  anywhere    anywhere      recent: UPDATE seconds: 60 hit_count: 4 name: SSHA side: source
    ACCEPT     0    --  anywhere    anywhere

The only significant difference I see is my name: SSHA is unique, not any common name such as ssh. Your badssh should have worked.

BTW, can you turn off html mail to the mailing list? It messes up the quoting style and I am having a bit of a problem following the thread... I thought Thunderbird had this as a per-destination option, but I dunno for sure.

--
_____________________________________
John Andersen
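
The check described in the reply above (an sshd-prefixed log line means the packet was not dropped) can be run over a whole log. The following is an added example, not part of the original thread: it counts distinct connections per source that reached sshd and flags any source with 4 or more inside 60 seconds, the values from the %Limit chain. The "from ADDR port N" line layout, the sample lines and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Values taken from the %Limit chain quoted in the message.
SECONDS, HIT_COUNT = 60, 4

# Constructed sample lines in the usual syslog/sshd layout; the addresses
# are documentation ranges, not data from the thread.
SAMPLE_LOG = """\
Jul 17 00:38:27 raid5 sshd[4101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jul 17 00:38:29 raid5 sshd[4101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jul 17 00:38:31 raid5 sshd[4103]: Failed password for root from 192.0.2.10 port 40002 ssh2
Jul 17 00:38:40 raid5 sshd[4105]: Failed password for admin from 192.0.2.10 port 40003 ssh2
Jul 17 00:38:52 raid5 sshd[4107]: Failed password for admin from 192.0.2.10 port 40004 ssh2
Jul 17 00:39:05 raid5 sshd[4110]: Failed password for test from 198.51.100.7 port 51000 ssh2
Jul 17 00:41:30 raid5 sshd[4112]: Failed password for test from 198.51.100.7 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: .* from (\S+) port (\d+)")

def connections(log_text, year=2007):
    """Return {source: sorted first-seen times}, one entry per TCP connection."""
    first_seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            # One connection can log several lines; the source port tells them apart.
            first_seen.setdefault((m.group(2), m.group(3)), when)
    by_source = defaultdict(list)
    for (src, _port), when in first_seen.items():
        by_source[src].append(when)
    return {src: sorted(times) for src, times in by_source.items()}

def sources_past_limit(log_text):
    """Sources with HIT_COUNT or more connections reaching sshd within SECONDS."""
    flagged = []
    for src, times in connections(log_text).items():
        for i in range(len(times) - HIT_COUNT + 1):
            if times[i + HIT_COUNT - 1] - times[i] <= timedelta(seconds=SECONDS):
                flagged.append(src)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(sources_past_limit(SAMPLE_LOG))
```

A source listed in the output got more connections through to sshd than the recent rule should allow, so the rule is not being applied to that traffic.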