crazy hackers and logwatch

Florin Andrei florin at andrei.myip.org
Tue Sep 6 18:36:46 UTC 2005


On Tue, 2005-08-09 at 09:00 -0700, Brian Gaynor wrote:
> On Tue, 2005-08-09 at 09:39 -0600, Kevin Fenzi wrote:
> > 
> > $IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
> 
> I've used similar rules for some time now and they've proven very
> effective. The only problem I've run into is with subversion over SSH,
> it generates a lot of  short connections sometimes (for example when
> browsing a repository) and can look like an attack to this kind of
> block.

That issue has been addressed by the newly released openssh-4.2

http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html

Quote:
- Many bugfixes and improvements to connection multiplexing,
    including:

    - Added ControlMaster=auto/autoask options to support opportunistic
      multiplexing (see the ssh_config(5) manpage for details).

-- 
Florin Andrei

http://florin.myip.org/




More information about the fedora-test-list mailing list