Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: <gentoo-security@g.o>
From: "Tad Glines" <tad@...>
Subject: RE: [OT?] automatically firewalling off IPs
Date: Wed, 5 Oct 2005 18:40:28 -0700
These rules only block out the offending IP. All others remain un-blocked.

> -----Original Message-----
> From: Alex Efros [mailto:powerman@...]
> Sent: Sunday, October 02, 2005 3:54 PM
> To: gentoo-security@g.o
> Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
> 
> Hi!
> 
> On Sun, Oct 02, 2005 at 02:24:23PM -0700, Tad Glines wrote:
> > These are the rules that I'm using.
> >
> > # Track connections to SSH
> > -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --tcp-flags FIN,ACK
> > FIN,ACK \
> >    --dport 22 -m recent --name SSH --set
> > -A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --tcp-flags RST RST
> \
> >    --dport 22 -m recent --name SSH --set
> >
> > # Drop if connection rate exceeds 4/minute
> > -A INPUT -i eth0 -p tcp --dport 22 -m recent --name SSH \
> >    --rcheck --seconds 60 --hitcount 4 -m limit -j LOG --log-prefix
> > "SSH_limit: "
> > -A INPUT -i eth0 -p tcp --dport 22 -m recent --name SSH \
> >    --rcheck --seconds 60 --hitcount 4 -j DROP
> >
> > # Drop if connection rate exceeds 20/hour
> > -A INPUT -i eth0 -p tcp --dport 22 -m recent --name SSH \
> >    --rcheck --seconds 3600 --hitcount 20 -m limit -j LOG --log-prefix
> > "SSH_limit: "
> > -A INPUT -i eth0 -p tcp --dport 22 -m recent --name SSH \
> >    --rcheck --seconds 3600 --hitcount 20 -j DROP
> 
> What about DoS because of these rules? Imagine somebody run SSH
> connections to your host every 10 seconds while you don't have
> already-opened SSH connection to server...... In this case you never
> will have a chance to log in to your server (and fix this issue)?!
> 
> --
> 			WBR, Alex.
> --
> gentoo-security@g.o mailing list


-- 
gentoo-security@g.o mailing list


Replies:
Re: [OT?] automatically firewalling off IPs
-- Matan Peled
References:
Re: [OT?] automatically firewalling off IPs
-- Alex Efros
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [OT?] automatically firewalling off IPs
Next by thread:
Re: [OT?] automatically firewalling off IPs
Previous by date:
Re: [OT?] automatically firewalling off IPs
Next by date:
Re: [OT?] automatically firewalling off IPs


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.