[nycbug-talk] SSH attacks

Yarema yds at CoolRat.org
Wed Sep 10 15:57:19 EDT 2008


Max Gribov wrote:
> csnyder wrote:
>> Once again, I find myself wishing there was some way to do this within
>> sshd itself, rather than rely on a firewall feature.

sshd does have the MaxStartups config option.

> why?.. firewalls are in the kernel, sshd is in the userland - cheaper
> and safer

But I'm with Max on this one.  Blocking with the in-kernel packet filter
is way more efficient than relying on the service to handle the load of
a brute force attack.

>> It's a great marketing strategy for the BSDs, though. "Running
>> OpenSSH? Then you need PF to protect it." Meh.



