[Gllug] limiting ssh zombie login attempts
Russell Howe
rhowe at wiss.co.uk
Tue Oct 19 17:01:29 UTC 2004
On Tue, Oct 19, 2004 at 02:11:33PM +0100, Martin A. Brooks wrote:
> On Tue, 2004-10-19 at 14:04, Andre Newman wrote:
> > I'm using
> > -m state --state NEW -m limit --limit 5/min --limit-burst 2 -j ACCEPT
>
> That looks like a very effective method of being locked out of your own
> server :)
That's a good point - it would be very easy to DoS the entire ssh
service.
Maybe include a few ACCEPT rules from known hosts which don't use the
'limit' match, which would give you two classes of ssh connections:
* Those coming from known addresses, which can connect fast and with no
restrictions as to rate
* All other SSH connections, which are rate limited to $foo
--
Russell Howe | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
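The two-class setup suggested above, written out as an added example (not code from the thread's authors): a dedicated chain gives a list of known hosts unrestricted access to the SSH port, and every other new SSH connection is subject to the same `-m limit` match Andre posted, followed by a DROP. The trusted addresses, the port and the rate/burst values are constructed for illustration; the function only prints the rules so they can be reviewed before being piped into a shell.

```shell
#!/bin/sh
# Added example, not from the original posts: one chain for new SSH
# connections, with known hosts exempted from the rate limit.

# Constructed sample values; override via the environment if you like.
TRUSTED_HOSTS="${TRUSTED_HOSTS:-192.0.2.10 198.51.100.0/24}"
SSH_PORT="${SSH_PORT:-22}"
RATE="${RATE:-5/min}"
BURST="${BURST:-2}"

# Print the iptables commands rather than running them, so the ruleset
# can be inspected first (apply with:  ssh_rules | sh ).
ssh_rules() {
    # New SSH connections leave INPUT and go through SSH_IN.
    echo "iptables -N SSH_IN"
    echo "iptables -A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -j SSH_IN"

    # Class 1: known addresses, accepted with no rate restriction.
    for h in $TRUSTED_HOSTS; do
        echo "iptables -A SSH_IN -s $h -j ACCEPT"
    done

    # Class 2: everyone else, accepted only within the token-bucket limit.
    echo "iptables -A SSH_IN -m limit --limit $RATE --limit-burst $BURST -j ACCEPT"

    # Anything over the limit is dropped instead of falling through.
    echo "iptables -A SSH_IN -j DROP"
}

# Number of per-host exemptions the ruleset contains (one per trusted host).
trusted_rule_count() {
    ssh_rules | grep -c -- '-s .* -j ACCEPT'
}
```

Two things worth remembering when using this: the ruleset assumes you already accept `ESTABLISHED,RELATED` traffic earlier in INPUT, otherwise the ongoing sessions of the trusted hosts are not covered by the `NEW`-only jump; and `-m limit` keeps a single counter for the whole chain, which is exactly why a flood from one source can exhaust the budget for all unknown clients. The exemption chain keeps that exhaustion from touching the addresses you administer from.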