Security process

Steve O'Hara-Smith steve at sohara.org
Tue Mar 9 10:27:39 PST 2010


On Tue, 9 Mar 2010 12:39:42 -0500
"Justin C. Sherrill" <justin at shiningsilence.com> wrote:

> On Tue, March 9, 2010 12:16 pm, Walter wrote:
> 
> > I don't understand how blocking an IP that has had
> > a hundred failed login attempts in the last ten
> > minutes could create a DoS hole...
> 
> I bet each firewall out there has an accompanying script to do this - it's
> a common problem.  There was even something with it for DragonFly:
> 
> http://www.shiningsilence.com/dbsdlog/2005/03/04/984.html
> 
> Moving ssh to a nonstandard port (to keep your logs clear) and using
> keyfiles instead of passwords appears to be the best bet, at this point.

	Definitely - and for those occasions where you want to be able to
access from places you don't want to put your private keys - opie.

-- 
Steve O'Hara-Smith                          |   Directable Mirror Arrays
C:>WIN                                      | A better way to focus the sun
The computer obeys and wins.                |    licences available see
You lose and Bill collects.                 |    http://www.sohara.org/





More information about the Users mailing list