[PLUG] iptables firewalling...

Carla Schroder carla at bratgrrl.com
Wed Sep 6 02:29:37 UTC 2006


> > From: Jeff Moore <Jeff.Moore at chemeketa.edu>
> >    I agree that portknocking alone is weak but all good security has
> > layers. When portknocking is used in combination with rsa authentication
> > and strong username and passwords it certainly helps. If portknocking
> > allows you to be invisible to 90% of the script kiddies out there then
> > all the better. Plus your logs will thank you...


On Tuesday 05 September 2006 17:57, Elliott Mitchell wrote:
> The irony of course is that the whole point of logging is to catch
> things like this. You *want* to know that host x.y.z.w is an evil guy.
> The issue is that you don't want nearly so many log entries. This strikes
> me as a case for connection limiting at the firewall (say 5 connections
> every 3 minutes per host), and changing sshd so that it quickly starts
> rejecting connections from a host that repeatedly fails.
> 

Connection limiting in iptables is annoying and just asking for trouble. You 
end up writing whitelist rules to let legitimate users in without delays, and 
it turns into a mess. DenyHosts handles it elegantly and simply.
http://www.enterprisenetworkingplanet.com/netos/article.php/3553111

Knockd is a nice port-knocking implementation that is also easy to use,
http://www.serverwatch.com/tutorials/article.php/3625276

Both work for any service.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Carla Schroder
 check out my "Linux Cookbook", the ultimate Linux user's
 and sysadmin's guide! http://www.oreilly.com/catalog/linuxckbk/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
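The firewall-side limit Elliott describes (5 connections every 3 minutes per host), together with the whitelist rule Carla mentions as the annoying part, as an added example that is not from the list post. The trusted network 192.0.2.0/24, the chain name SSH_LIMIT and the recent-table name sshlimit are constructed assumptions; the rules need root and the xt_recent module to apply.

```shell
#!/bin/sh
# Per-source SSH connection limiting with a whitelist, built on the
# iptables "recent" match. Added example, not taken from the list post.
# Assumptions (constructed): SSH on port 22, trusted admin network
# 192.0.2.0/24, limit of 5 new connections per source per 180 seconds.

IPT="${IPT:-iptables}"
SSH_PORT="${SSH_PORT:-22}"
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"
HITCOUNT="${HITCOUNT:-5}"
WINDOW="${WINDOW:-180}"

# Print the rule set, one iptables argument list per line. Order matters:
# the --update/--hitcount test runs before --set, so the 5th attempt inside
# the window is still admitted and the 6th is dropped. Because --update
# refreshes the timestamp, a host that keeps hammering stays blocked until
# it has been quiet for WINDOW seconds. Drops are logged through a limit
# match so one scanner cannot flood the log (the complaint in this thread).
ssh_limit_rules() {
  cat <<EOF
-N SSH_LIMIT
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_LIMIT
-A SSH_LIMIT -s $TRUSTED_NET -j RETURN
-A SSH_LIMIT -m recent --name sshlimit --rcheck --seconds $WINDOW --hitcount $HITCOUNT -m limit --limit 1/min -j LOG --log-prefix ssh-limit:
-A SSH_LIMIT -m recent --name sshlimit --update --seconds $WINDOW --hitcount $HITCOUNT -j DROP
-A SSH_LIMIT -m recent --name sshlimit --set -j RETURN
EOF
}

# Apply the rules. The unquoted expansion of $rule is intentional: every
# line holds only simple, space-free tokens.
apply_ssh_limit() {
  ssh_limit_rules | while read -r rule; do
    # shellcheck disable=SC2086
    $IPT $rule
  done
}

# Take the chain out again, in the order iptables requires.
remove_ssh_limit() {
  $IPT -D INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j SSH_LIMIT
  $IPT -F SSH_LIMIT
  $IPT -X SSH_LIMIT
}
```

Run `ssh_limit_rules` alone to review the rules; `apply_ssh_limit` installs them and `remove_ssh_limit` backs them out.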