Re: SSH brute force attacks no longer being caught by PF rule

From: Joachim Schipper
Date: Monday, August 13, 2007 - 3:14 am

On Mon, Aug 13, 2007 at 10:10:14AM +0100, Stuart Henderson wrote:

Yes, that is one of the main problems. The other is that it takes time
to set up which would be better spent doing something useful - like
setting up a log watcher.


I'm fairly sure that on a modern system attached to a 100 Mbps link,
network capacity will run out before this becomes a problem.


Yes, it would be, but I never got it to work reliably (Subversion likes
to close connections before opening the next one, etc). Did you? If so,
could you share the script/... you used?

Still, the point is that this policy has some odd results, costs real
time (albeit a little) to implement, increases complexity, and does not
gain you anything.

		Joachim

-- 
TFMotD: lm (4) - National Semiconductor LM78/79/81 temperature, voltage,
and fan sensor