2006/10/5, Hans-Werner Hilse <[EMAIL PROTECTED]>:
I'm just trying to decide if I should keep my current hoster and find out if this is common practice among hosters.
Hi,
On Thu, 5 Oct 2006 17:33:15 +0200
"José González Gómez" <[EMAIL PROTECTED]> wrote:
> I've got a virtual private server hosted somewhere and they're blocking me
> because their intrusion detection system detects 10 ssh connections in less
> than 2 minutes from my current IP. My question is: is it possible for an
> intrusion detection system to differentiate between successful and
> unsuccessful ssh connections so they don't block me? Of course all my
> connections are successful.
Well of course. It takes a bit more work, though. What are you trying?
Proving to the hoster that they could do better? I guess they know that
already (and are happy to bill you for better service).
I'm just trying to decide if I should keep my current hoster and find out if this is common practice among hosters.
In short: length of conversation would be an indication. Doesn't work
for simple firewalls that don't really work on full TCP streams. And I
guess that's the reason why your hoster doesn't opt for something more
elaborated.
Maybe you should just run ssh on a different port?
Thanks for the idea, I'll take it into account.
Best regards
Jose
