Seeking advice for implementing a configurable login-delay option
Gert Doering
gert at greenie.muc.de
Mon Feb 23 00:46:18 AEDT 2026
Hi,
On Sun, Feb 22, 2026 at 10:34:54AM +0330, Mehran Hashemi wrote:
> I am aware of the recently added `PerSourcePenalties`, but I think this
> mechanism is more suitable for dictionary attacks rather than DoS attacks
> because the attacker can use IP spoofing to bypass this option and continue
> password guessing.
IP-Spoofing for TCP connections? How so?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany gert at greenie.muc.de
More information about the openssh-unix-dev
mailing list