On 10/5/06, José González Gómez <[EMAIL PROTECTED]> wrote:
Hi there,

I've got a virtual private server hosted somewhere and they're blocking me
because their intrusion detection system detects 10 ssh connections in less
than 2 minutes from my current IP. My question is: is it possible for an
intrusion detection system to differentiate between successful and
unsuccessful ssh connections so they don't block me? Of course all my
connections are successful.


As Hans-Werner already told you, there are better ways to detect
intrusion, and of course they could implement it in a way that successful
connections would not cause the intrusion detection system to block you,
but it's a bit more complicated and would involve the whole system,
which most providers do not want/care to have and if they have, they
charge for it.

The questions here, if you don't want to argue with your host
provider, would be:
1) Is there another provider that does not have such limitation?
2) 10 connections in 2 minutes is a good config, why do you have so
many connections in so little time? Is there another way to do
whatever you're trying to do with fewer connections?

I've rewritten a complete system just so I would not have to discuss my
ISP's security policies. I guess it was faster to change a few hundred
lines of code than to keep calling them on the phone to argue about it
(if I could, I would have changed ISP).

--
Daniel da Veiga
Computer Operator - RS - Brazil
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
------END GEEK CODE BLOCK------
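
The difference between the two rules discussed in this thread, as an added example that is not part of the original messages: a host-side check over sshd log lines that counts either every connection or only failed authentications within the same 10-in-2-minutes limit. It assumes the usual OpenSSH syslog message format; the host name, user names and IP addresses are constructed sample values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW = 120      # seconds: the "2 minutes" from the thread
THRESHOLD = 10    # events: the "10 connections" from the thread

# OpenSSH logs "Accepted|Failed <method> for [invalid user ]<user> from <ip>".
EVENT = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?\S+ from (\S+)")

def parse(line, year=2006):
    """Return (timestamp, outcome, ip) or None. Syslog omits the year, so one is assumed."""
    m = EVENT.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return ts, m.group(1), m.group(2)

def flagged(lines, failures_only):
    """IPs with >= THRESHOLD counted events inside any WINDOW-second span."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    hits = set()
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, outcome, ip = ev
        if failures_only and outcome == "Accepted":
            continue              # successful logins do not count against the IP
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > WINDOW:
            q.popleft()
        if len(q) >= THRESHOLD:
            hits.add(ip)
    return hits

# Constructed sample log (not real data): a legitimate user logging in every
# 10 seconds and a password-guessing source failing every 5 seconds.
SAMPLE = [f"Oct  5 10:{s // 60:02d}:{s % 60:02d} vps sshd[{4000 + s}]: "
          f"Accepted publickey for jose from 198.51.100.7 port {40000 + s} ssh2"
          for s in range(0, 120, 10)]
SAMPLE += [f"Oct  5 10:{s // 60:02d}:{s % 60:02d} vps sshd[{5000 + s}]: "
           f"Failed password for invalid user admin from 203.0.113.9 port {50000 + s} ssh2"
           for s in range(0, 60, 5)]

if __name__ == "__main__":
    print("connection-count rule:", sorted(flagged(SAMPLE, failures_only=False)))
    print("failed-auth rule:     ", sorted(flagged(SAMPLE, failures_only=True)))
```

The connection-count rule flags both addresses, while the failed-auth rule flags only the guessing source. The outcome of a login is visible in the server's own logs but not in the encrypted traffic, which is why this check has to run on the host.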
