Unable to ssh nodes with global IP
Tim
ignored_mailbox at yahoo.com.au
Tue Oct 25 08:48:03 UTC 2011
On Mon, 2011-10-24 at 18:31 +0200, Reindl Harald wrote:
> for portscans allow only 120 connections from the same ip per second
> makes it really hard to do a full port-scan because it takes forever and
> additionally webservers are protected against a single dos-attack
120 per second seems overly generous.
> try it with "ab -c 20 -n 100000 http://yourhost/" and you will see
Hmm, "ab"... Never go past *ix users for coming up with extremely
abbreviated commands.
> as you see security is never one setting and it is done and obscurity
> as additional prevention is good and no overhead if someone knows to
> handle his machines
Yes/no... It's too easy to think being obscure protects you when it
doesn't really. It only slightly shifts the goal posts.
--
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.