On Mon, 2011-10-24 at 18:31 +0200, Reindl Harald wrote:
> for portscans allow only 120 connections from the same ip per second
> makes it really hard do a full port-scan because it longs forever and
> aditionally webservers are proctected against a single dos-attack

120 per second seems overly generous.

> try it with "ab -c 20 -n 100000 http://yourhost/" and you will see

Hmm, "ab"...  Never go past *ix users for coming up with extremely
abbreviated commands.

> as you see security is never one setting and it is done and obscurity
> as additional prevention is good and no overhead if someone knows to
> handle his machines

Yes/no...  It's too easy to think being obscure protects you when it
doesn't really.  It only slightly shifts the goal posts.

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



--
users mailing list
users@list...
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines