On Wed, Apr 12, 2006 at 01:07:02PM -0700, Blake B. wrote:
>
> >It's not uncommon for me to ssh into my own machine 10 or more times
> >in a 60 second period. I know people that do twice or thrice that.
>
> I can see a few scenarios where this would happen (scripts, sync
> jobs, etc.) but overall why would you ever need to? You can easily
> exclude IPs from the iptables behavior, and/or set up a backdoor SSH
> daemon on a different port.
> And generally if you're the only person using the system then keeping
> SSH on port 22 isn't really a concern.

Obviously, if someone is looking at a system that only they use, they
should describe their usage patterns and do what works best for them.
Connection limiting may be the best option.

However, when a number of people are using a system, this can be
problematic. For example, BYU OIT set up a campus-wide system that
blocked connections to a host after something like five connections per
minute. A number of people in the CS department were affected by this.
OIT's response was to increase the limit, but people still occasionally
hit it. The fact of the matter is that some legitimate users will
occasionally connect at a faster rate than the attackers.

-- 
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868
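An added illustration of the limit discussed in this thread (example code written for this page, not something either poster ran or posted): a sliding-window connection limiter in the style of the iptables rule under discussion, with the IP exclusion Blake mentions, run in time order over a constructed connection log. The IPs, timestamps and the "more than five attempts in 60 seconds" threshold are assumptions; it shows that a legitimate user opening ten sessions in under a minute trips the limit while a slow brute-forcer never does.

```python
from collections import defaultdict, deque

# Assumed policy, modelled on the campus-wide setup described in the thread:
# a source may make up to HITCOUNT connection attempts in any WINDOW_SECONDS
# period; further attempts in that window are dropped (but still counted).
WINDOW_SECONDS = 60
HITCOUNT = 5
# Hypothetical trusted workstation excluded from limiting, as Blake suggests.
WHITELIST = {"10.0.0.5"}

# Constructed connection log: (timestamp in seconds, source IP).
# 10.0.0.7  - legitimate user opening 10 sessions in 45 seconds
# 10.0.0.5  - the same burst from the whitelisted workstation
# 198.51.100.9 - slow password guesser, one attempt every 20 seconds
CONNECTIONS = (
    [(t * 5, "10.0.0.7") for t in range(10)]
    + [(t * 5, "10.0.0.5") for t in range(10)]
    + [(t * 20, "198.51.100.9") for t in range(6)]
)


def filter_connections(connections, window=WINDOW_SECONDS,
                       hitcount=HITCOUNT, whitelist=WHITELIST):
    """Apply the limit in time order; return {ip: (accepted, dropped)}."""
    history = defaultdict(deque)            # per-source attempt timestamps
    counts = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(connections):
        if ip in whitelist:                 # excluded sources are never limited
            counts[ip][0] += 1
            continue
        recent = history[ip]
        while recent and ts - recent[0] >= window:   # expire old attempts
            recent.popleft()
        recent.append(ts)
        if len(recent) > hitcount:          # over the limit within the window
            counts[ip][1] += 1
        else:
            counts[ip][0] += 1
    return {ip: tuple(v) for ip, v in counts.items()}


if __name__ == "__main__":
    for ip, (ok, dropped) in filter_connections(CONNECTIONS).items():
        print(f"{ip:>14}: accepted={ok:2d} dropped={dropped:2d}")
```

Raising the limit only moves the threshold; the slow attacker stays under any per-minute count, which is why the thread concludes that such limits mostly hit legitimate users.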
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
