I love IP Tables....
Tom Rivers
tom at impact-crater.com
Sun May 27 12:02:29 UTC 2007
On Sat, 2007-05-26 at 13:16 -0700, Wolfgang S. Rupprecht wrote:
> Such programs help you save the CPU time of sshd answering the
> connection from a single abusive host, but would do little against a
> distributed botnet attack. Luckily botnets aren't really used against
> sshd yet, but it they were you'd potentially be seeing distributed
> guessing attacks from 10,000 different hosts. If they all took turns
> to guess a single password in round-robin fashion, the filters would
> never trip.
You're right. What do you recommend to protect against this sort of
attack?
Tom
More information about the fedora-list
mailing list