Re: What to do with attackers?

To: debian-user@lists.debian.org
Subject: Re: What to do with attackers?
From: John L Fjellstad <john-debian@fjellstad.org>
Date: Fri, 04 Nov 2005 16:16:23 -0800
Message-id: <[🔎] 87d5lgeyp4.fsf@fjellstad.org>
References: <[🔎] 436B4319.4010805@ares.dyndns.biz>

I use iptables with the recent module.
Chain INPUT
target     prot opt source               destination
ACCEPT     tcp  --  localnet/24          anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED,UNTRACKED tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh state INVALID,NEW recent: UPDATE seconds: 60 name: DEFAULT side: source
ACCEPT     all  --  anywhere             anywhere            state INVALID,NEW recent: SET name: DEFAULT side: source

You can't make more than one connection/min unless you are on the local
network.  Works great.
-- 
John L. Fjellstad
web: http://www.fjellstad.org/          Quis custodiet ipsos custodes

Reply to:

References:
- What to do with attackers?
  - From: Thomas <jade@ares.dyndns.biz>

Prev by Date: Re: What's your favourite FLOSS?
Next by Date: How to restore IMAP mailboxes
Previous by thread: Re: What to do with attackers?
Next by thread: Re: What to do with attackers?
Index(es):
- Date
- Thread