OT: Security....

Rodolfo J. Paiz rpaiz at simpaticus.com
Tue Nov 2 03:48:17 UTC 2004


On Tue, 2004-11-02 at 11:04 +0900, Joel wrote:
> Permanent black holes are not a good idea, of course, and that was
> discussed. I don't think I'd use the two day timeouts that someone
> mentioned for his setup, I'd think more in terms of thirty minutes.
> Possibly lengthen that a little if I got repeats.
> 

I'm the guy who started out by describing his "fly-trap" technique with
Portsentry and Shorewall and the poster of the two-day timeout. The
reason I chose that period, iteratively and with careful trials, is that
it resulted in (a) almost zero repeat attacks from IP addresses after
being unblocked, and (b) only about 20 hosts in the entire Internet
being blocked at any given time.

The key in this case is careful selection of the "hostile" ports.
However, any given technique you choose will have its own quirks and
should be tested independently. Starting testing out at an hour and then
expanding to see the results is eminently reasonable; I just thought you
should know that two days works like a charm with THIS technique and on
MY web server, over the last two years or so.

Your mileage may (and probably will) vary, so of course test carefully.

Cheers,

-- 
Rodolfo J. Paiz <rpaiz at simpaticus.com>
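The tuning loop Rodolfo describes, as an added example that is not part of the original thread and is not his Portsentry/Shorewall configuration: a replay of a constructed connection log against a "fly-trap" rule (any touch of a hostile port blocks the source for a fixed timeout, packets from a blocked source are dropped and never reach the sensor, so they cannot extend the block). Running the same log with a 30-minute and a two-day timeout yields the two figures he used to pick the period, repeat hits after unblock and the number of hosts blocked at once. The hostile port set, the IP addresses and the timestamps are all constructed sample data.

```python
"""Replay a connection log against a Portsentry-style temporary blocklist and
report the two tuning metrics from the post: repeat hits from hosts that were
already blocked once, and the peak number of hosts blocked at the same time."""
from collections import namedtuple

# One connection attempt: t is seconds since start of the log.
Attempt = namedtuple("Attempt", "t ip port")

# Constructed "hostile" port set (no real service listens here on this host).
HOSTILE_PORTS = {1, 11, 15, 111, 1080, 12345, 31337}

# Constructed sample log using documentation (RFC 5737) addresses.
SAMPLE_LOG = [
    Attempt(0,      "198.51.100.7", 31337),
    Attempt(100,    "203.0.113.9",  80),     # ordinary web hit, not hostile
    Attempt(200,    "203.0.113.9",  111),
    Attempt(500,    "203.0.113.9",  443),
    Attempt(600,    "198.51.100.7", 22),
    Attempt(3600,   "198.51.100.7", 31337),  # one hour later
    Attempt(7200,   "192.0.2.33",   1080),
    Attempt(90000,  "198.51.100.7", 12345),  # ~25 hours later
    Attempt(200000, "192.0.2.33",   31337),  # ~2.3 days later
]

THIRTY_MINUTES = 30 * 60
TWO_DAYS = 2 * 24 * 3600


def simulate(attempts, hostile_ports, timeout):
    """Apply the fly-trap rule with a fixed block timeout and return the metrics."""
    blocked_until = {}          # ip -> time at which the firewall rule expires
    previously_blocked = set()  # ips that have been blocked at least once
    stats = {"blocks_issued": 0, "repeats_after_unblock": 0,
             "peak_blocked": 0, "dropped_while_blocked": 0}

    for a in sorted(attempts, key=lambda x: x.t):
        # Expire blocks whose timeout has passed (the firewall's timer).
        for ip in [ip for ip, until in blocked_until.items() if until <= a.t]:
            del blocked_until[ip]

        if a.ip in blocked_until:
            # Packet is dropped by the firewall; the sensor never sees it,
            # so it neither resets nor extends the block.
            stats["dropped_while_blocked"] += 1
            continue

        if a.port not in hostile_ports:
            continue  # legitimate traffic, no action

        if a.ip in previously_blocked:
            stats["repeats_after_unblock"] += 1  # came back once the block lapsed
        blocked_until[a.ip] = a.t + timeout
        previously_blocked.add(a.ip)
        stats["blocks_issued"] += 1
        stats["peak_blocked"] = max(stats["peak_blocked"], len(blocked_until))

    return stats


def compare_timeouts(attempts, hostile_ports, timeouts):
    """Run the simulation once per candidate timeout; returns {timeout: stats}."""
    return {t: simulate(attempts, hostile_ports, t) for t in timeouts}


if __name__ == "__main__":
    for timeout, s in compare_timeouts(SAMPLE_LOG, HOSTILE_PORTS,
                                       (THIRTY_MINUTES, TWO_DAYS)).items():
        print(f"timeout={timeout:>7}s  blocks={s['blocks_issued']}  "
              f"repeats={s['repeats_after_unblock']}  "
              f"peak_blocked={s['peak_blocked']}  "
              f"dropped={s['dropped_while_blocked']}")
```

With the constructed log, the 30-minute timeout lets every scanner come back and re-trigger (three repeats), while the two-day timeout holds them off at the cost of more addresses being blocked simultaneously; on a real feed the same two counters are what you would watch while lengthening the timeout, and the hostile port list is what keeps legitimate clients (the port 80 and 443 hits above) out of the trap entirely.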