Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: what about rate limiting?

from [christian . perone] Network Security [Permanent Link]
Subject: Re: what about rate limiting?
Date: 23 Aug 2006 13:09:02 -0000 
Hello Reed,
I think that these features will not be implemented, cause you can use a 
firewall to do that.
The MaxStartups have a behavior of a stochastical connection dropper, you can 
use this option to reduce concurrent attemps and prevent a DoS in sshd. In this 
option, you specify 3 colon-separated values like "20:40:50", the first is the 
"start value", second is the connection drop rate and the third is the full 
limit of concurrent connections. In this case, the shhd will refuse attemps 
with a probability of 40% if there are more then 20 concurrent connections 
(unauthenticated); and if the number of concurrent unauthenticated connections 
reaches 50, the daemon will drop all connections. It's extremely recommended 
that you use this stochastical connection drop if your box is exposed in the 
net, because the default approach to MaxStartups is 10, and with this value, a 
DoS can be started from a single box to prevent sshd access in the box.
Hope this help you.. and I hope to learn more english lol
- Christian S. Perone
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SFTP Error, Nathan Jackson-Eeles
Next by Date:  restriction to connect to one host only, Eriberto
Previous by Thread:  what about rate limiting?, Jeremy C. Reed
Next by Thread:  Re: what about rate limiting?, Justin Piszcz
Indexes:  [Date] [Thread] [Top] [All Lists]