prompt solution with max-src-conn-rate

GreenX FreeBSD freebsd at azimut-tour.ru
Mon May 15 12:28:10 UTC 2006


Kian Mohageri wrote:
> you're probably trying to use this on a port where nothing is listening.
Yes, I understand that, and I wrote about it in my letter.
I am thinking about how to make it work on a non-listening port.
It is certainly possible simply to redirect to any responding
service.
But for this purpose a foreign service is additionally necessary.
> I'd advise against what you're trying to do. It won't make your box 
> more secure.
Why?
You simply will not get to ssh any more.
If I am not mistaken, the probability that the scanner will begin its
check with the "key" port,
and then immediately check sshd, is equal to 1 / (0xFFFF*0xFFFE).
If he does not do this, he can be caught by max-src-conn-rate
on the public services,
and a forward from all ports to ssh on localhost can be put in place for him.

Best regards, GreenX.




