Any danger from these ports?

Rodolfo J. Paiz rpaiz at simpaticus.com
Mon Jan 10 16:58:47 UTC 2005


On Mon, 2005-01-10 at 15:49 +0000, Luciano Miguel Ferreira Rocha wrote:
> On Mon, Jan 10, 2005 at 10:45:02AM -0500, Jeff Spaleta wrote:
> > Is the use of ipt_recent in a similar way something worth considering
> > as an inclusion to fedora default firewall rules?
> 
> Not a default for servers, surely? 
> 

Why not? I'd be more than happy if *all* my servers had this feature.
Allowing no more than 2 login attempts via SSH from each IP address in a
60-second period is not something that would affect or inconvenience
any of my users, but it *is* something that would slow down, annoy, and
otherwise impair the jackasses who keep trying dictionary and scripted
attacks against my servers.

What do you see as the downside to such a feature? Of course one could
adjust the specific settings (say, no more than 5 attempts in a 60-
second interval if you want to be liberal), but I see no harm...

Cheers,

-- 
Rodolfo J. Paiz <rpaiz at simpaticus.com>
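
The limit described in the message above (2 attempts per source address per 60 seconds) could be written with the ipt_recent match as below. This is an added example, not rules posted in the thread; the function name, the list name SSH_RL, port 22 and the INPUT chain are assumptions.

```shell
#!/bin/sh
# Added illustration (not from the original thread). Prints iptables rules for
# per-source SSH rate limiting with the "recent" match; nothing is applied.
# Hypothetical names: ssh_ratelimit_rules, list name SSH_RL.
# Assumptions: sshd listens on tcp/22 and is filtered in the INPUT chain.

# Default of the module's ip_pkt_list_tot parameter: the number of timestamps
# remembered per address. --hitcount cannot exceed it.
PKT_LIST_TOT=20

ssh_ratelimit_rules() {
    max=$1          # new connections allowed per source per window
    window=$2       # window length in seconds
    port=${3:-22}

    # Accept only positive decimal integers without leading zeros.
    for v in "$max" "$window" "$port"; do
        case $v in
            ''|*[!0-9]*|0*)
                echo "usage: ssh_ratelimit_rules MAX SECONDS [PORT]" >&2
                return 2 ;;
        esac
    done

    # The connection being evaluated is already recorded by --set, so
    # dropping at MAX+1 hits lets exactly MAX connections through.
    hitcount=$((max + 1))
    if [ "$hitcount" -gt "$PKT_LIST_TOT" ]; then
        echo "MAX+1 exceeds ip_pkt_list_tot ($PKT_LIST_TOT)" >&2
        return 2
    fi

    match="-p tcp --dport $port -m state --state NEW -m recent --name SSH_RL"
    # Rule 1: record source address and time of every new connection.
    echo "iptables -A INPUT $match --set"
    # Rule 2: drop once the source has HITCOUNT entries inside the window.
    # --update records the hit on a match, so dropped retries keep counting
    # against the source.
    echo "iptables -A INPUT $match --update --seconds $window --hitcount $hitcount -j DROP"
    # Rule 3: whatever got past the limit is accepted.
    echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
}

# The values from the message: 2 attempts per 60 seconds.
ssh_ratelimit_rules 2 60
```

The rules count new TCP connections per source address, not individual password guesses within one connection, and they must sit ahead of any existing rule that accepts the SSH port.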




More information about the fedora-test-list mailing list