On Tuesday 17 July 2007, Richard Creighton wrote:
> > But in any event, I don't believe it's being honored.
Ok, it's safe to say you have rate limit installed and available.
> What I'm wondering is if it *is* being honored as far as the hacker is
> concerned, ie, he is not getting past the 'DROP', but because of the LOG
> setting, I am still getting notice???? Does that seem plausible to you
> and if so, can you think of a way to test it?
You can test with any external ssh client (from the outside).
But if the logging shows up prefixed with sshd as yours does:
Jul 17 00:38:27 raid5 sshd
Then you can be assured that the connection attempt DID get
to the ssh daemon, and was NOT dropped. If it was dropped
the sshd would never see these packets.
I suspect you will have to restart iptables somehow, if not by
reboot then by iptables commands. (Shorewall does this
for me so I don't know the base level syntax).
FWIW here is the pertinent part of the output from
/usr/sbin/iptables -L > iptables.txt
Chain %Limit (1 references)
target     prot opt source     destination
           0    --  anywhere   anywhere     recent: SET name: SSHA side: source
%Limit%    0    --  anywhere   anywhere     recent: UPDATE seconds: 60 hit_count: 4 name: SSHA side: source
ACCEPT     0    --  anywhere   anywhere
The only significant difference I see is my name: SSHA is unique, not any
common name such as ssh. Your badssh should have worked.
BTW, can you turn off HTML mail to the mailing list? It messes up the quoting
style and I am having a bit of a problem following the thread... I thought
Thunderbird had this as a per-destination option, but I dunno for sure.
--
_____________________________________
John Andersen
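
The test described in the message above (a log line prefixed with sshd means the connection reached the daemon and was not dropped), as an added example that is not part of the original message: it counts distinct connections per source that sshd logged and flags any source that got hit_count or more through within the seconds window. The log lines are constructed, and the line format, the year default and treating one sshd PID plus client port as one connection are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Jul 17 00:38:27 raid5 sshd[4101]: Failed password for root from 203.0.113.9 port 40001 ssh2
Jul 17 00:38:29 raid5 sshd[4101]: Failed password for root from 203.0.113.9 port 40001 ssh2
Jul 17 00:38:31 raid5 sshd[4105]: Failed password for root from 203.0.113.9 port 40007 ssh2
Jul 17 00:38:36 raid5 sshd[4109]: Failed password for admin from 203.0.113.9 port 40012 ssh2
Jul 17 00:38:40 raid5 sshd[4113]: Failed password for admin from 203.0.113.9 port 40019 ssh2
Jul 17 00:39:02 raid5 sshd[4120]: Failed password for bob from 198.51.100.4 port 51000 ssh2
Jul 17 00:41:30 raid5 sshd[4131]: Failed password for bob from 198.51.100.4 port 51044 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: .* from (\S+) port (\d+)")

def connections_reaching_sshd(log_text, year=2007):
    """Return {source_ip: sorted first-seen time of each distinct connection}."""
    first_seen = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd line, so it says nothing about the daemon
        stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        # Assumption: one sshd child PID + client port = one TCP connection,
        # so several password failures on one connection count once.
        first_seen.setdefault((m.group(3), m.group(2), m.group(4)), stamp)
    per_ip = defaultdict(list)
    for (ip, _pid, _port), stamp in first_seen.items():
        per_ip[ip].append(stamp)
    return {ip: sorted(times) for ip, times in per_ip.items()}

def limit_violations(log_text, seconds=60, hit_count=4):
    """Sources with hit_count or more connections seen by sshd in one window."""
    window = timedelta(seconds=seconds)
    flagged = {}
    for ip, times in connections_reaching_sshd(log_text).items():
        for i, start in enumerate(times):
            in_window = [t for t in times[i:] if t - start <= window]
            if len(in_window) >= hit_count:
                flagged[ip] = len(in_window)
                break
    return flagged

if __name__ == "__main__":
    print(limit_violations(SAMPLE_LOG))
```

An empty result over a period in which an outside client made repeated attempts is consistent with the limit being enforced; a flagged source means those connections were not dropped before sshd.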