Found, a new rootkit

Mike McCarty Mike.McCarty at sbcglobal.net
Tue Apr 4 09:29:58 UTC 2006


Mike McCarty wrote:
> jdow wrote:
> 
>> Gene, search for prior postings I've made (and others) about the iptables
>> recent feature. How'd you like this? "You get three syn tries in two
>> minutes. More than that and the ssh port is locked for your IP address
>> until the number of attempts falls below three in the last two minutes."
> 
> 
> One system I wrote many years ago used a leaky bucket. The bucket leaked
> one count per minute. If a threshold of 3 was reached, then login
> attempts were denied, with a message exactly like any other login
> failure, and each successive failure put three more counts into the
> bucket. So, fail, fail, ok would get you in, but fail, fail, fail

Perhaps I didn't make that clear. The onset threshold was 3, the
abatement threshold was 0.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
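
Added example, not part of the original post: a small Python model of the leaky-bucket lockout described above, with onset threshold 3 and abatement threshold 0. It assumes one count per ordinary failure, that any attempt made while locked out counts as a failure and adds three counts, and that a successful login does not empty the bucket; the class and function names are hypothetical.

```python
class LeakyBucketLockout:
    """Per-source login throttle with hysteresis (onset 3, abatement 0)."""
    ONSET = 3          # lock out when the bucket reaches this level
    ABATEMENT = 0      # unlock only once the bucket has drained to this level
    LEAK_PER_MIN = 1   # counts leaked per minute
    PENALTY = 3        # counts added per attempt made while locked out

    def __init__(self):
        self.level = 0.0
        self.locked = False
        self.last = 0.0  # time of the previous attempt, in minutes

    def _leak(self, now):
        # Drain the bucket for the time elapsed since the previous attempt.
        elapsed = now - self.last
        self.level = max(0.0, self.level - elapsed * self.LEAK_PER_MIN)
        self.last = now
        # Hysteresis: a lockout ends only at the abatement level, not below onset.
        if self.locked and self.level <= self.ABATEMENT:
            self.locked = False

    def attempt(self, now, password_ok):
        """Return True if the login is accepted; `now` is in minutes."""
        self._leak(now)
        if self.locked:
            # Assumption: every attempt during lockout is penalised, even with
            # the right password, and gets the same answer as a normal failure.
            self.level += self.PENALTY
            return False
        if password_ok:
            return True  # assumption: success does not empty the bucket
        self.level += 1  # assumption: one count per ordinary failure
        if self.level >= self.ONSET:
            self.locked = True
        return False


def replay(events):
    """Replay constructed (minute, password_ok) events for one source."""
    bucket = LeakyBucketLockout()
    return [bucket.attempt(t, ok) for t, ok in events]
```

With three failures at minute 0, a correct password at minutes 1 and 5 is still refused and pushes the bucket back up; only an attempt after the bucket has fully drained (minute 9 in that sequence) succeeds.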
