Greetings!
Had a "really simple" idea/question for the community tonight; and need some savvy to move things along.
In that spirit, I'll submit the well-known "ufw limit ssh/tcp" command line which is proffered as a means of thwarting a brute-force attack on a plain-jane client install:
Code:
root@laptop1:~# ufw limit ssh/tcp
Rule added
Skipping unsupported IPv6 'limit' rule
root@laptop1:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
OK, so we're setting up a rule to quash a dictionary attack directed @ port 22. Good enough.
However, hypothetically, let's say we have a scenario in which other (unforeseen) ports on the subject machine could present themselves as a useful target for some miscreant passerby.
In that (academic?) case, how does this look as a way of essentially telling a would-be interloper to buzz off & stop hammering at all possible points of entry:
Code:
root@laptop1:~# ufw limit proto tcp from any to any port 1:65535
Rule added
Skipping unsupported IPv6 'limit' rule
root@laptop1:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
To                         Action      From
--                         ------      ----
1:65535/tcp                LIMIT IN    Anywhere
In sum, what are the pros & cons of setting up a rule like this on a typical client; and would such an arrangement, indeed, have the net collective effect of blockading the entire portset from brute-force attack?
Finally, what are the relevant implications in the ubiquitous warning "Skipping unsupported IPv6 'limit' rule"?
Thanks again --
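
Added example (not part of the original post): a small Python model of the two rule sets above, replayed over constructed connection attempts. It assumes ufw's documented 'limit' behaviour (an address is refused once it has started 6 or more new connections within 30 seconds, and is allowed otherwise); the Firewall class, the replay helper and the sample address are hypothetical.

```python
from collections import defaultdict, deque

WINDOW_S, HITCOUNT = 30, 6  # ufw 'limit': 6 or more new connections in 30 s

class Firewall:
    """Toy model: default deny (incoming) plus ufw 'limit' rules on TCP port ranges."""

    def __init__(self, limit_ranges):
        self.limit_ranges = limit_ranges   # e.g. [(22, 22)] or [(1, 65535)]
        self.seen = defaultdict(deque)     # source address -> times of new connections

    def decide(self, t, src, dport):
        if not any(lo <= dport <= hi for lo, hi in self.limit_ranges):
            return "DENY"                  # no rule matched, default policy applies
        hits = self.seen[src]
        hits.append(t)
        while t - hits[0] > WINDOW_S:      # forget attempts older than the window
            hits.popleft()
        return "LIMITED" if len(hits) >= HITCOUNT else "ALLOW"

def replay(limit_ranges, events):
    """Run constructed (time_s, source, dport) events through a fresh firewall."""
    fw = Firewall(limit_ranges)
    return [fw.decide(t, src, dport) for t, src, dport in events]

# Constructed sample traffic (documentation address, not real data).
SRC = "203.0.113.7"
SWEEP = [(i, SRC, p) for i, p in enumerate([22, 80, 445, 3306, 5900, 8080, 631])]
FAST_SSH = [(i, SRC, 22) for i in range(8)]        # 8 tries in 8 seconds
SLOW_SSH = [(i * 10, SRC, 22) for i in range(8)]   # 1 try every 10 seconds

if __name__ == "__main__":
    for name, ranges in (("limit ssh/tcp", [(22, 22)]), ("limit 1:65535", [(1, 65535)])):
        for label, ev in (("sweep", SWEEP), ("fast ssh", FAST_SSH), ("slow ssh", SLOW_SSH)):
            print(f"{name:14} {label:9} {replay(ranges, ev)}")
```

Because 'limit' is an allow rule with a rate cap, the 1:65535 rule in this model lets the first five connections per 30 seconds through to ports that the default deny policy alone would have refused. Attempts spaced more slowly than the threshold are never limited under either rule.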