On Thu, 9 Jul 2009 08:45:10 -0500 (CDT)
"Jeremy C. Reed" <reed (at) reedmedia (dot) net> wrote:
> I thought I saw a patch or feature for an sshd for
> blocking max connections per client, max failed
> authentication attempts per client, and/or max
> authentication attempts per client. Does anyone know
> about that?
>
> Or do any less popular open source SSH servers provide
> that? (Keep counter of connections, attempts, failures
> per client?)
OpenBSD has an option using pf to catch bruteforce
attacks. You basically specify a limit on connection
attempts on a port from one place. When someone exceeds
those attempts, it adds them to a table and denies them
further access.
Eric