Re: cisco ssh rate limit

[hermit921 <hermit921 () yahoo com>]

We have many many outside sources that vary unpredictably, and we have no 
control (or knowledge) over that.  An alternative is to set up a bastion 
host, but that will break a lot of file transfers and require painful 
changes and new infrastructure.  We may do that eventually.

hermit921


At 09:37 AM 5/26/2006, David Swafford wrote:
> Hi Hermit921,
>
> Have you thought about using an access control list instead for the ssh 
> connection?  I am not deeply familiar with the PIX yet but I know on Cisco 
> routers you can setup an access list that defines what source IPs are 
> allowed to telnet into the box.  I'm thinking functionality like this 
> would be something that you might find on the PIX for ssh.  On IOS routers 
> it is configured slightly differently than a standard access list in that 
> you configure it at the virtual interface I believe.  I'm thinking that 
> you might cause yourself some problems by limited the attempts as this 
> might prevent you from accessing the box.
>
> Anyone else have any thoughts on this?
>
> David A. Swafford
> Archbishop Alter High School
> Information Technology Team, Network Engineer
>
> A Cisco CCNA and a CompTIA Network+ and Security+ Certified Professional
>
>
> > > > hermit921 () yahoo com 5/26/2006 11:07 am >>>
> Can we set our PIX firewall to limit the rate at which ssh connection
> attempts are allowed?  I would like to set it so that ssh is limited to 2
> connections per minute for any source/destination pair.  Does this cause
> much impact on the PIX?
>
> hermit921


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards