Gentoo Archives: gentoo-security

From: Ben Anderson <ben@××××××××××××××××××.au>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] If your interested
Date: Mon, 10 Oct 2005 05:27:57
In Reply to: Re: [gentoo-security] If your interested by Dave Strydom
It may make sense for small, limited users machines, but what about 
servers that are intentionally advertising ssh for it's users globally, 
so can't use port knocking, can't block all of korea (as some users 
definatly connect from there) and so on...

Seems to me blocking large chunks of the net because they're a pain is a 
short term solution that's going to cause long term pain for the 
internet at large if it's allowed to become standard practice...

Shouldn't this list focus on the general, base level security rather 
than specific work-arounds for these type of issues that don't apply to 
a lot of boxen?

2c out.

Dave Strydom wrote:
> I think there is an easier way of doing this... > > Why not use the GEOIP IPTABLES patch and then just use this in your > firewall: > > ----------------------------------------------------------------------------------------- > $IPTABLES -A INPUT -p tcp -m geoip --src-cc CN -j DROP > $IPTABLES -A INPUT -p tcp -m geoip --src-cc KR -j DROP > $IPTABLES -A INPUT -p tcp -m geoip --src-cc TW -j DROP > $IPTABLES -A INPUT -p tcp -m geoip --src-cc HK -j DROP > ----------------------------------------------------------------------------------------- > > This way you have 4 simple rules which do the work of that entire script. > > > On 10/10/05, *Taka John Brunkhorst* <antiwmac@×××××.com > <mailto:antiwmac@×××××.com>> wrote: > > nice but why do we need to block them? > ssh worms? or just lamers? > > -- > antiwmac@×××××.com <mailto:antiwmac@×××××.com> > Taka John Brunkhorst > >
-- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] If your interested Bernhard Egger <bernhard@×××××××××××.kr>
Re: [gentoo-security] If your interested Brian Micek <bmicek@×××××××××.net>