Re: Flood blocking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jun 05, 2009 at 22:29:32 -0600,
  "Ashley M. Kirchner" <ashley@xxxxxxxxxx> wrote:
>
>    I currently have one system I'm testing the following rules on:
>
>    iptables -N SSHSCAN
>    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
>    iptables -A SSHSCAN -m recent --set --name SSH
>    iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 2  
> --name SSH -j DROP
>
>
>    And just by watching it for the past few days, those rules seem to  
> work pretty well.  So, it made me wonder, can I apply the same rules for  
> FTP and e-mail (with the correct port information of course.)

I don't think it will work well for email. (I think list servers and other
servers that send you a lot of email will tend to get blocked.) Besides, if
your purpose is to stop password guessing attacks, there isn't much point in
blocking email that way. If you want to try to use it to help mitigate
spam, you'd probably be better off using grey listing to do this kind of
thing.

>    I get *a lot* of failed FTP attempts.  Especially when the sun comes  
> up in Asia.  And then there's the e-mail spam that also doesn't stop.   
> So, can I take those same set of rules above, replace the port number  
> and name, and have them work for FTP and e-mail as well?

Do you run an authenticated ftp server? If you just use ssh based file
transfers and/or anonymous ftp, then there probably isn't much point to
doing this.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux