Feature request: FAIL_DELAY-support for sshd
Bjoern Voigt
bjoern at cs.tu-berlin.de
Thu Feb 3 03:59:42 EST 2005
Gert Doering <gert at greenie.muc.de> wrote:
> What we do here is "as soon as a host has hit 3 password auth failures,
> it will get auto-added to linux-iptables rules" (and boom, no more
> tries).
Ok, thanks. This may help in some situations.
But, how you deal with the following situation: Two users (a "good" user
and a "bad" user) are behind a firewall with one public IP. Now the
"bad" user tries 3 wrong passwords. After that, the "good" user can not
connect to his host (denial-of-service attack).
Regards, Björn
More information about the openssh-unix-dev
mailing list