[PLUG] TCP Wrappers and IPs
Roderick A. Anderson
raanders at acm.org
Wed Feb 22 00:18:16 UTC 2006
Carla Schroder wrote:
> On Tuesday 21 February 2006 15:53, Paul Mullen wrote:
>
>>On Tue, Feb 21, 2006 at 01:36:39PM -0800, Carla Schroder wrote:
>>
>>
>>> It does not discriminate on the basis of source address. It simply
>>>rate-limits the number of new connections per minute from anywhere. So if
>>
>>That doesn't seem to be the case in my experience. After three
>>consecutive logins from client A, I can switch to client B (on an
>>entirely different network) and get through just fine. Unfortunately
>>I'm not yet good enough with iptables to explain how/why this is the
>>case.
>>
>
>
> When zee mystery she persists, rtfm:
> http://www.stearns.org/pomlist/0.2.2-output/pom-combined.html#recent
>
> So it looks like it does check the source IPs and counts them, rather than all
> connections like I thought. Quite ingenious.
>
_Very_ nice. I'll set it for those id10ts out there that slam my
systems but at a higher rate; say 10 per minute. Then let DenyHosts
pick up the clever ones that might hit at a slower rate. Most of them
are too stupid and will pound away (typically I see once every two
seconds) and the iptables rules will get them.
Again thanks Paul and Carla.
Rod
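The setup Rod describes above, written out as an added example (this is not code from the thread or from any of its posters): new SSH connections are counted per source address with the iptables "recent" match, an address that opens more than 10 in 60 seconds is logged and dropped, and everything else passes through so a slower tool such as DenyHosts can deal with the patient ones. The chain name SSH_LIMIT, the list name sshlimit, port 22 and the script's function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the mailing-list thread: per-source rate limit on
# new SSH connections with the iptables "recent" match, using the numbers
# Rod settled on (10 new connections from one address inside 60 seconds).
# Assumed names: chain SSH_LIMIT, recent list "sshlimit", port 22.
SSH_PORT=${SSH_PORT:-22}
HITS=10       # new connections one address may open per window
WINDOW=60     # window length in seconds
LIST=sshlimit # name of the recent list (/proc/net/xt_recent/$LIST)

# Print the rules, one per line, instead of loading them, so they can be
# reviewed first. The check rules run BEFORE --set, so a packet is not
# counted against its own address until after it has been checked:
# hits 1..10 within the window pass, hit 11 onward is logged and dropped.
# --rcheck on the LOG rule only reads the list; --update on the DROP rule
# also refreshes the entry, so a host that keeps knocking stays blocked.
ssh_ratelimit_rules() {
    cat <<EOF
-N SSH_LIMIT
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_LIMIT
-A SSH_LIMIT -m recent --name $LIST --rcheck --seconds $WINDOW --hitcount $HITS -j LOG --log-prefix ssh-ratelimit:
-A SSH_LIMIT -m recent --name $LIST --update --seconds $WINDOW --hitcount $HITS -j DROP
-A SSH_LIMIT -m recent --name $LIST --set -j RETURN
EOF
}

# xt_recent keeps at most ip_pkt_list_tot timestamps per address (module
# default 20); a --hitcount above that can never be satisfied and the kernel
# refuses the rule. Use the live value when the module is loaded, otherwise
# the default. An optional second argument overrides the limit (for tests).
check_hitcount() {
    max=${2:-}
    if [ -z "$max" ]; then
        max=20
        p=/sys/module/xt_recent/parameters/ip_pkt_list_tot
        [ -r "$p" ] && max=$(cat "$p")
    fi
    [ "$1" -le "$max" ]
}

# Load the rules. Only meaningful as root on a host with iptables and the
# xt_recent module; the rest of this file runs without either.
apply_ssh_ratelimit() {
    if ! check_hitcount "$HITS"; then
        echo "hitcount $HITS exceeds what xt_recent can track" >&2
        return 1
    fi
    # The pipeline's status is the while loop's, so a failed rule aborts.
    ssh_ratelimit_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word-splitting the rule is intended
        iptables $rule || exit 1
    done
}

# Usage: sh ssh-ratelimit.sh        (print the rules)
#        sh ssh-ratelimit.sh apply  (load them, as root)
if [ "${1:-}" = "apply" ]; then
    apply_ssh_ratelimit
else
    ssh_ratelimit_rules
fi
```

Two things worth checking once this is loaded: `cat /proc/net/xt_recent/sshlimit` shows the per-address entries and their hit timestamps, which makes Paul's observation visible (client A's entry fills up while client B has its own, untouched entry), and `--hitcount` must stay at or below the module's `ip_pkt_list_tot` (raise it with a module parameter if a larger count is wanted). Because the DROP rule uses `--update`, an address that keeps hammering every couple of seconds, as Rod sees, never ages out of the block; switching that rule to `--rcheck` would instead let it back in as soon as its old hits fall outside the 60-second window.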