Found, a new rootkit

Mike McCarty Mike.McCarty at sbcglobal.net
Tue Apr 4 06:06:36 UTC 2006


jdow wrote:
> Gene, search for prior postings I've made (and others) about the iptables
> recent feature. How'd you like this? "You get three syn tries in two
> minutes. More than that and the ssh port is locked for your IP address
> until the number of attempts falls below three in the last two minutes."

One system I wrote many years ago used a leaky bucket. The bucket leaked
one count per minute. If a threshold of 3 was reached, then login
attempts were denied, with a message exactly like any other login
failure, and each successive failure put three more counts into the
bucket. So, fail, fail, ok would get you in, but fail, fail, fail
would get you a three minute penalty. Each try after that, before the
bucket leaked out, netted you an additional three minutes. I limited
the total lockout time to one hour.


Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
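
The leaky-bucket lockout described in the message above, sketched as an added example; it is not code from the original post or from the system it mentions. The class and function names, the per-minute tick, the rule that the lockout holds until the bucket is empty, and the rule that a successful login leaves the bucket untouched are assumptions.

```python
from dataclasses import dataclass

LEAK_INTERVAL = 60   # seconds per leaked count (post: one count per minute)
THRESHOLD = 3        # counts that trigger denial (post)
PENALTY = 3          # counts added per attempt while denied (post)
MAX_LEVEL = 60       # cap, so the lockout never exceeds one hour (post)

@dataclass
class Bucket:
    level: int = 0
    last_leak: int = 0
    locked: bool = False

class LoginThrottle:
    """Per-key (user or source address) leaky bucket; times are integer seconds."""

    def __init__(self):
        self.buckets = {}

    def _leak(self, b, now):
        ticks = (now - b.last_leak) // LEAK_INTERVAL
        if ticks > 0:
            b.level = max(0, b.level - ticks)
            b.last_leak += ticks * LEAK_INTERVAL
        if b.level == 0:
            # Assumption: the lockout latches until the bucket is empty.
            b.last_leak, b.locked = now, False

    def attempt(self, key, password_ok, now):
        """Return True if the login succeeds; every refusal looks identical."""
        b = self.buckets.setdefault(key, Bucket(last_leak=now))
        self._leak(b, now)
        if b.locked:
            # Denied regardless of password; each try costs three more counts.
            b.level = min(MAX_LEVEL, b.level + PENALTY)
            return False
        if password_ok:
            return True   # assumption: success does not drain the bucket
        b.level += 1
        b.locked = b.level >= THRESHOLD
        return False

    def locked_until(self, key, now):
        """Time at which the bucket empties, or `now` if the key is not locked."""
        b = self.buckets.get(key)
        if b is None:
            return now
        self._leak(b, now)
        return b.last_leak + b.level * LEAK_INTERVAL if b.locked else now
```

Because the leak is tick-based, three failures a few seconds apart still reach the threshold; a continuously draining bucket would sit just under 3 and never lock.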