Re: SSH IP Blocking
From: James Riden (s0197800@dai.ed.ac.uk)Date: 04/18/02
- Next message: TC: "Re: Iptables state"
- Previous message: Iain Brown: "Re: rename root account"
- In reply to: Tim Haynes: "Re: SSH IP Blocking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: James Riden <s0197800@dai.ed.ac.uk> Date: 18 Apr 2002 17:04:42 +0100
Tim Haynes <usenet@stirfried.vegetable.org.uk> writes:
> You're going to get *FAR* more one-port single-SYN scans, or occasional
> SYN+FIN scans, and never hear from the IP# again. Unless you *really* know
> better, I suggest you're going to waste your firewall rules on folks who're
> never coming back - do let me know if you get anything like >1% repeat
> offenders, right?
If you don't mind blocks instead of individual IPs, t-online and
wanadoo are far above 1%.
cheers,
Jamie
-- James Riden / james.riden@ed.ac.uk My opinions are my own, not the University's. "When in Rome; burn it." -- GCU Arbitrary
- Next message: TC: "Re: Iptables state"
- Previous message: Iain Brown: "Re: rename root account"
- In reply to: Tim Haynes: "Re: SSH IP Blocking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
