On 10/27/06, Kyle Waters <[EMAIL PROTECTED]> wrote:
> Someone suggested moving the ssh port to a different port; I think this is an excellent suggestion. You may also want to consider setting a rate limit using iptables so that it is more difficult for someone to use a brute force attack. If you do set up rate limiting, your users will not have to make any changes on their end.
Good idea. Could someone please post a sample iptables rate-limit for brute force attempts? I may get around to writing my own tonight unless someone has already done the homework. I guess one would need a rule that triggers on too many SYN per second to the SSH port? I wouldn't want the rule to trigger on an already established connection. We can't have it simply look for packets-per-second.
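A sketch of the kind of rule set requested above, added here as an example and not posted by anyone in the thread: it counts only new SYNs per source address with the iptables `recent` match, so packets on established sessions never reach the limiter. The chain name `SSH_LIMIT`, the list name `ssh_new` and the default threshold (4 attempts in 60 seconds) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: print iptables rules that rate-limit NEW SSH connections
# per source IP. SSH_LIMIT and ssh_new are names made up for this example.
# Usage: ssh_ratelimit_rules [port] [hits] [seconds]

ssh_ratelimit_rules() {
    port=${1:-22}; hits=${2:-4}; seconds=${3:-60}

    # Reject empty or non-numeric arguments before they reach a rule.
    for v in "$port" "$hits" "$seconds"; do
        case $v in
            ''|*[!0-9]*) echo "arguments must be positive integers" >&2; return 1 ;;
        esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    # The recent match remembers 20 packets per address by default
    # (module parameter ip_pkt_list_tot), so a larger hitcount is refused.
    [ "$hits" -ge 1 ] && [ "$hits" -le 20 ] || { echo "hits must be 1..20" >&2; return 1; }
    [ "$seconds" -ge 1 ] || { echo "seconds must be >= 1" >&2; return 1; }

    # Only SYNs that open a new connection enter SSH_LIMIT; traffic on an
    # established session is never counted. --set records the attempt, and
    # --update drops the source once $hits attempts fall inside the window,
    # refreshing its timestamp so a client that keeps hammering stays blocked.
    cat <<EOF
iptables -N SSH_LIMIT
iptables -A INPUT -p tcp --dport $port --syn -m conntrack --ctstate NEW -j SSH_LIMIT
iptables -A SSH_LIMIT -m recent --name ssh_new --set
iptables -A SSH_LIMIT -m recent --name ssh_new --update --seconds $seconds --hitcount $hits -j DROP
iptables -A SSH_LIMIT -j ACCEPT
EOF
}
```

The function only prints the commands; review them, then pipe the output to `sh` as root. The jump from INPUT has to sit above any existing rule that already accepts the SSH port, otherwise the limiter is never consulted.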