nanog mailing list archives
Re: a record?
From: Jeroen Massar <jeroen () unfix org>
Date: Mon, 14 Nov 2005 23:49:19 +0100
Randy Bush wrote:
for one host, 185,932 ssh dictionary password attacks in one gmt day (and, of course, password login is not enabled).
Partial "solution": rate limit ports to max X (5) new connects per X (60 secs) time. Et tada, almost not to be seen any more.

Misc Linux-based example: http://unfix.org/~jeroen/archive/rc.ratelimit

Also possible with your favorite BSD and other OS's... Limiting port 25 also helps with those annoying bots around the net.

Other solution: disable IPv4 SSH and enable the IPv6 one, no scanning on that plane ;)

Greets,
 Jeroen
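
[Added example, not part of the original message and not the contents of the linked rc.ratelimit script: one way to express "max 5 new connects per 60 secs" on Linux with the iptables "recent" match. Assumptions: the limit is counted per source address, rules go in the INPUT chain, and the function name ratelimit_rules and list name rl<PORT> are made up for illustration.]

```shell
#!/bin/sh
# Added example: print iptables rules that allow at most HITS new TCP
# connections per SECS seconds to PORT (assumed to be counted per source IP).

ratelimit_rules() {
    rl_port=$1; rl_hits=$2; rl_secs=$3
    # Accept only 1-5 digit numbers without a leading zero, so nothing
    # unexpected ends up inside a firewall rule.
    for rl_v in "$rl_port" "$rl_hits" "$rl_secs"; do
        case $rl_v in
            ''|0*|*[!0-9]*|??????*)
                echo "usage: ratelimit_rules PORT HITS SECS" >&2; return 1 ;;
        esac
    done
    if [ "$rl_port" -gt 65535 ]; then
        echo "port out of range: $rl_port" >&2; return 1
    fi
    # The recent match remembers 20 packets per address by default
    # (xt_recent ip_pkt_list_tot), so --hitcount cannot exceed 20.
    rl_drop_at=$((rl_hits + 1))
    if [ "$rl_drop_at" -gt 20 ]; then
        echo "HITS must be 19 or less" >&2; return 1
    fi
    rl_match="-p tcp --dport $rl_port -m conntrack --ctstate NEW -m recent --name rl$rl_port"
    # Rule 1 records the source of every new connection attempt.
    echo "iptables -A INPUT $rl_match --set"
    # Rule 2 drops the attempt once HITS+1 were seen inside the window. --update
    # also refreshes the timestamp, so a client that keeps retrying stays blocked.
    echo "iptables -A INPUT $rl_match --update --seconds $rl_secs --hitcount $rl_drop_at -j DROP"
}

# Dry run with the numbers from the message: 5 new connections per 60 seconds
# to SSH. To apply as root: ratelimit_rules 22 5 60 | sh
ratelimit_rules 22 5 60
```

The same call with port 25 covers the SMTP case mentioned above. Place the rules ahead of any rule that accepts the port, otherwise the DROP is never reached.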