[nycbug-talk] SSH attacks
Yarema
yds at CoolRat.org
Wed Sep 10 15:57:19 EDT 2008
Max Gribov wrote:
> csnyder wrote:
>> Once again, I find myself wishing there was some way to do this within
>> sshd itself, rather than rely on a firewall feature.
sshd does have the MaxStartups config option.
> why?.. firewalls are in the kernel, sshd is in the userland - cheaper
> and safer
But I'm with Max on this one. Blocking with the in-kernel packet filter
is way more efficient than relying on the service to handle the load of
a brute force attack.
>> It's a great marketing strategy for the BSDs, though. "Running
>> OpenSSH? Then you need PF to protect it." Meh.
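The two controls discussed in this message, side by side, as an added example that is not part of the original post. The thresholds, the `ext_if` interface name and the `<ssh_abusers>` table name are assumptions chosen for illustration.

```conf
# --- /etc/ssh/sshd_config (userland, enforced by sshd itself) ---
# MaxStartups start:rate:full
# Once 10 unauthenticated connections are pending, sshd refuses new ones
# with 30% probability, rising linearly to 100% at 60 pending connections.
# The count is global, not per source address, so a flood from one host
# can also cause legitimate users' connections to be refused.
MaxStartups 10:30:60

# --- /etc/pf.conf (kernel packet filter) ---
ext_if = "em0"                      # assumed external interface
table <ssh_abusers> persist         # assumed table name

# Drop offenders before their packets ever reach sshd.
block in quick on $ext_if from <ssh_abusers>

# Per-source limits: at most 10 concurrent connections and 5 new
# connections per 30 seconds from any single address. A source that
# exceeds either limit is added to <ssh_abusers> and its existing
# states are flushed.
pass in on $ext_if proto tcp to port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <ssh_abusers> flush global)
```

Entries in the table stay until removed; `pfctl -t ssh_abusers -T expire 86400` clears addresses older than a day.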