Firewall Wizards mailing list archives
Re: cisco ssh rate limit
From: hermit921 <hermit921 () yahoo com>
Date: Fri, 26 May 2006 11:18:19 -0700
We have many, many outside sources that vary unpredictably, and we have no control (or knowledge) over that. An alternative is to set up a bastion host, but that will break a lot of file transfers and require painful changes and new infrastructure. We may do that eventually.

hermit921

At 09:37 AM 5/26/2006, David Swafford wrote:
Hi Hermit921,

Have you thought about using an access control list instead for the ssh connection? I am not deeply familiar with the PIX yet, but I know on Cisco routers you can set up an access list that defines what source IPs are allowed to telnet into the box. I'm thinking functionality like this would be something that you might find on the PIX for ssh. On IOS routers it is configured slightly differently than a standard access list in that you configure it at the virtual interface, I believe. I'm thinking that you might cause yourself some problems by limiting the attempts, as this might prevent you from accessing the box.

Anyone else have any thoughts on this?

David A. Swafford
Archbishop Alter High School
Information Technology Team, Network Engineer
A Cisco CCNA and a CompTIA Network+ and Security+ Certified Professional

hermit921 () yahoo com 5/26/2006 11:07 am >>>

Can we set our PIX firewall to limit the rate at which ssh connection attempts are allowed? I would like to set it so that ssh is limited to 2 connections per minute for any source/destination pair. Does this cause much impact on the PIX?

hermit921
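An added example, not part of either poster's message and not PIX configuration: a sliding-window model of the policy asked about in this thread (2 ssh connections per minute per source/destination pair), run over constructed connection attempts. It shows the limit throttling a fast repeated-connection source while also denying a legitimate burst of file transfers. The addresses, timings and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

LIMIT = 2        # connections allowed per window (figure from the thread)
WINDOW = 60.0    # window length in seconds

def apply_rate_limit(events, limit=LIMIT, window=WINDOW):
    """Decide each attempt; events are (timestamp_s, src, dst) sorted by time.

    Only accepted connections count toward the limit, so a denied attempt
    does not extend the block for that pair.
    """
    accepted = defaultdict(deque)   # (src, dst) -> times of accepted attempts
    decisions = []
    for ts, src, dst in events:
        recent = accepted[(src, dst)]
        while recent and ts - recent[0] >= window:
            recent.popleft()        # forget accepts older than the window
        allowed = len(recent) < limit
        if allowed:
            recent.append(ts)
        decisions.append((ts, src, dst, allowed))
    return decisions

def summarize(decisions):
    """Return {(src, dst): (allowed_count, denied_count)}."""
    counts = defaultdict(lambda: [0, 0])
    for _, src, dst, allowed in decisions:
        counts[(src, dst)][0 if allowed else 1] += 1
    return {pair: tuple(c) for pair, c in counts.items()}

# Constructed sample traffic (documentation address ranges, not real hosts).
SSH_SERVER = "192.0.2.10"
GUESSER = "203.0.113.50"     # one attempt every 2 s for two minutes
BATCH_XFER = "198.51.100.7"  # five scp sessions started 5 s apart
ADMIN = "198.51.100.20"      # two logins five minutes apart

SAMPLE_EVENTS = sorted(
    [(float(t), GUESSER, SSH_SERVER) for t in range(0, 120, 2)]
    + [(float(t), BATCH_XFER, SSH_SERVER) for t in (10, 15, 20, 25, 30)]
    + [(0.0, ADMIN, SSH_SERVER), (300.0, ADMIN, SSH_SERVER)]
)

SUMMARY = summarize(apply_rate_limit(SAMPLE_EVENTS))

if __name__ == "__main__":
    for (src, dst), (ok, denied) in sorted(SUMMARY.items()):
        print(f"{src} -> {dst}: allowed={ok} denied={denied}")
```

In this constructed run the fast source gets 4 of 60 attempts through, the admin is unaffected, and the batch transfer source loses 3 of its 5 sessions.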