Unable to ssh nodes with global IP

Tim ignored_mailbox at yahoo.com.au
Tue Oct 25 08:48:03 UTC 2011

On Mon, 2011-10-24 at 18:31 +0200, Reindl Harald wrote:
> for portscans allow only 120 connections from the same ip per second
> makes it really hard do a full port-scan because it longs forever and
> aditionally webservers are proctected against a single dos-attack

120 per second seems overly generous.

> try it with "ab -c 20 -n 100000 http://yourhost/" and you will see

Hmm, "ab"...  Never go past *ix users for coming up with extremely
abbreviated commands.

> as you see security is never one setting and it is done and obscurity
> as additional prevention is good and no overhead if someone knows to
> handle his machines

Yes/no...  It's too easy to think being obscure protects you when it
doesn't really.  It only slightly shifts the goal posts.

[tim at localhost ~]$ uname -r

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.

More information about the users mailing list