Re: I love IP Tables....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, May 27, 2007 at 08:02:29 -0400,
  Tom Rivers <tom@xxxxxxxxxxxxxxxxx> wrote:
> On Sat, 2007-05-26 at 13:16 -0700, Wolfgang S. Rupprecht wrote:
> > Such programs help you save the CPU time of sshd answering the
> > connection from a single abusive host, but would do little against a
> > distributed botnet attack.  Luckily botnets aren't really used against
> > sshd yet, but it they were you'd potentially be seeing distributed
> > guessing attacks from 10,000 different hosts.  If they all took turns
> > to guess a single password in round-robin fashion, the filters would
> > never trip.
> 
> You're right.  What do you recommend to protect against this sort of
> attack?

A good relationship with your ISP. 10K hosts could just swamp your link
and you will need upstream help to block it before it gets to your link.
If you are worried about slow guessing attacks from multiple IPs, the
same advice previously give will work. Either use strong passwords or
public keys for authentication. (Presumably, if you are asking this
question there isn't a small set of IP address that legitimate ssh
connections can come from.)


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux