sshd exponential backoff patch
Jan-Frode Myklebust
janfrode at tanso.net
Thu Jan 29 01:54:35 EST 2009
On 2009-01-28, Peter Lambrechtsen <plambrechtsen at gmail.com> wrote:
> I find a very effective way to prevent attacks (or at least slow them
> down) is to run the following IPTables rule:
>
> iptables -I INPUT -p tcp -i eth+ --dport 22 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp -i eth+ --dport 22 -m state --state NEW -m
> recent --update --seconds 300 --hitcount 3 -j DROP
> iptables -A INPUT -p tcp -i eth+ --dport 22 -j ACCEPT
I was experimenting a bit with the ipt_recent module a while ago (on RHEL5).
And it seemed I could quite easily trigger a kernel crash by cat'ing the
recent tables under /proc/net/ipt_recent/.
So, IMHO, that module might be quite dangerous to enable on a multiuser
system...
-jf
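To make the behaviour of the quoted `recent` rules concrete, here is a small simulation of the match's sliding-window logic. This is an added example, not code from either poster; it models the documented semantics of `--set`, `--rcheck` and `--update` and assumes an unbounded stamp list per source (the real module caps entries and stamps per entry), so only the window logic is shown. It compares the chain as the quoted `-I`/`-A` commands actually order it, the same rules appended with `-A`, and the `--rcheck` variant, on a constructed series of connection attempts from one address.

```python
# Simplified model of the netfilter "recent" match used by the quoted
# iptables rules. Added example, not code from the mailing-list thread.
# Modelled semantics (from the match's documentation):
#   --set      record a timestamp for the source, creating the entry if needed
#   --rcheck   match when at least --hitcount stamps fall within --seconds
#   --update   like --rcheck, and on a match also record a new stamp
# Assumption: unlimited stamps per entry (the real module keeps a bounded
# ring of stamps and a bounded table), so only the window logic is shown.

from collections import defaultdict


class RecentTable:
    def __init__(self):
        self.entries = defaultdict(list)  # src -> list of stamp times (seconds)

    def evaluate(self, action, src, now, seconds=300, hitcount=3):
        """Return True when the 'recent' match fires for this packet."""
        stamps = self.entries.get(src)
        if action == "set":
            self.entries[src].append(now)
            return True
        if stamps is None:               # unknown source: rcheck/update never match
            return False
        hits = sum(1 for s in stamps if now - s <= seconds)
        matched = hits >= hitcount
        if action == "update" and matched:
            stamps.append(now)           # dropped attempts keep extending the block
        return matched


def run_chain(rules, attempts, seconds=300, hitcount=3):
    """rules: ordered (recent_action, target) pairs; target None means the rule
    has no -j and falls through (as the --set rule does). attempts: (time, src)
    NEW connections. Returns the verdict for each attempt."""
    table = RecentTable()
    verdicts = []
    for now, src in attempts:
        verdict = "ACCEPT"
        for action, target in rules:
            if action is None or table.evaluate(action, src, now, seconds, hitcount):
                if target is not None:
                    verdict = target
                    break
        verdicts.append(verdict)
    return verdicts


# Chain as the quoted commands build it: both "-I" inserts put the
# update/DROP rule above the --set rule, then "-A" appends the ACCEPT.
QUOTED_CHAIN = [("update", "DROP"), ("set", None), (None, "ACCEPT")]
# The same rules appended with -A in the order written: --set runs first.
APPENDED_CHAIN = [("set", None), ("update", "DROP"), (None, "ACCEPT")]
# Quoted ordering, but with --rcheck instead of --update.
RCHECK_CHAIN = [("rcheck", "DROP"), ("set", None), (None, "ACCEPT")]

# Constructed sample: one source tries a new connection every 100 s, eight times.
ATTEMPTS = [(t, "192.0.2.10") for t in range(0, 800, 100)]


def quoted_verdicts():
    return run_chain(QUOTED_CHAIN, ATTEMPTS)


def appended_verdicts():
    return run_chain(APPENDED_CHAIN, ATTEMPTS)


def rcheck_verdicts():
    return run_chain(RCHECK_CHAIN, ATTEMPTS)


if __name__ == "__main__":
    for name, fn in (("quoted (-I)", quoted_verdicts),
                     ("appended (-A)", appended_verdicts),
                     ("rcheck", rcheck_verdicts)):
        print(f"{name:14s}", " ".join(v[0] for v in fn()))
```

Two things the simulation makes visible: with the quoted ordering the source gets three attempts per window and is then dropped for as long as it keeps trying, because `--update` stamps every dropped packet; `--rcheck` would instead let attempts through again once the recorded ones age out. Appending the rules with `-A` rather than `-I` moves `--set` in front of the check, which costs one of the three allowed attempts. On current kernels the module is `xt_recent` and its tables live under `/proc/net/xt_recent/` (the `ipt_recent` path in the reply is from the older kernels it discusses).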