On Sun, Jul 16, 2006 at 03:33:18PM +0200, Christian Boltz wrote:
Hello,
On Sunday, 16 July 2006 12:24, houghi wrote:
As most people know, sshd attacks are very common. Also there are various tools out there that can be used to block these attacks. [...] It should be something that does not run with cron, as it is too slow to run only each minute.
The ipt_recent module can do this job without adding a new package: https://bugzilla.novell.com/show_bug.cgi?id=104602
The only problem with this: it will also block IPs that legally open more than the allowed number of SSH connections per minute - but I don't consider this a real problem, who needs more than 5 [1] new SSH connections per minute? ;-)
Most users will indeed not need more than 5 new SSH connections per minute from the same IP. And if they do, then most likely they have some experience with sshd servers and should be able to figure things out themselves after turning off ipt_recent.

I have not enough experience in these things to know whether or not blocking IPs at that level is unwanted. Perhaps for SLED or SLES it is.

The advantage of e.g. blockhosts is that it is much easier to configure. All you need to do is edit /etc/hosts.allow.

It is always good to have alternatives to look at and then decide what is the best way to go. What has the least disadvantages. We agree luckily that something should be done by default when sshd is running.

Talking about sshd, is there a reason that ssh 1 is still active as well by default? (or has that changed?)
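
A simplified model of the per-source limit discussed in this thread (5 new SSH connections per minute), added here as an example; it is not code from the thread, the bug report or the ipt_recent module. The class, the function names and the sample events are constructed, and the model assumes dropped attempts are still recorded against the source.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60  # "per minute", as in the thread
MAX_NEW_CONNS = 5    # allowed new connections per window, as in the thread


class RecentLimiter:
    """Per-source sliding window over new-connection timestamps (simplified model)."""

    def __init__(self, window=WINDOW_SECONDS, max_new=MAX_NEW_CONNS):
        self.window = window
        self.max_new = max_new
        self.seen = defaultdict(deque)

    def allow(self, src, ts):
        stamps = self.seen[src]
        # Forget attempts that have aged out of the window.
        while stamps and ts - stamps[0] >= self.window:
            stamps.popleft()
        # Record every attempt, dropped or not, so a source that keeps
        # hammering stays blocked until it has been quiet for a while.
        stamps.append(ts)
        return len(stamps) <= self.max_new


def replay(events, limiter=None):
    """Run (timestamp, source) events through the limiter in time order."""
    limiter = limiter or RecentLimiter()
    return [(ts, src, limiter.allow(src, ts)) for ts, src in sorted(events)]


def summarize(results):
    """Return {source: (allowed, dropped)}."""
    counts = defaultdict(lambda: [0, 0])
    for _ts, src, ok in results:
        counts[src][0 if ok else 1] += 1
    return {src: tuple(c) for src, c in counts.items()}


# Constructed sample traffic (documentation address ranges):
SAMPLE_EVENTS = (
    [(2 * i, "203.0.113.7") for i in range(40)]       # password guesser, one try every 2 s
    + [(5 * i, "198.51.100.20") for i in range(6)]    # admin script opening 6 sessions in 30 s
    + [(120, "198.51.100.20")]                        # same admin, two minutes later
    + [(t, "192.0.2.10") for t in (0, 100, 200)]      # ordinary interactive user
)

if __name__ == "__main__":
    for src, (ok, dropped) in summarize(replay(SAMPLE_EVENTS)).items():
        print(f"{src:15} allowed={ok:2} dropped={dropped:2}")
```

The guesser gets only its first five attempts through, while the admin script loses its sixth connection, which is the side effect mentioned in the thread.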