How should I react to break in attempts
David Hoffman
dhoffman2004 at gmail.com
Sat Apr 9 18:13:38 UTC 2005
On Apr 9, 2005 12:06 AM, Arthur Pemberton <dalive at flashmail.com> wrote:
> I am now a proud user of this.
I looked at it and opted for the auto-firewall option that I mentioned
earlier. In fact, I just enabled that option yesterday afternoon, and
it already blocked someone.
What kind of schedule are you running it on? Remember, that some of
these scripts that people run to try to hack into your system can make
upwards of 20-30 connections in just a minute, trying to guess account
names of users on your system. If you are running denyhosts every 10
minutes... or even every 5 minutes, that's a lot of time to let people
play before they get blocked.
The scripts I referred to block out connections from an IP address
that makes 5 unsuccessful SSH connections within 60 seconds... So on
the 5th connection, it just blocks them right away. I can live with
someone trying 5 connections and getting blocked, but letting them try
hundreds before they get blocked is something I'm not going to risk.
Just my advice, for what it's worth.
--
David
Registered Linux User 383030 (since everyone else was doing it 8-)
-----------------------------------------------------------------------
There are only 10 kinds of people in this world,
those who understand binary, and those who don't.
More information about the fedora-list
mailing list