rate limiting sshd connections ?

Patrick Proniewski patpro at patpro.net
Tue May 11 13:37:15 PDT 2004


On 11 mai 2004, at 22:27, Roger Marquis wrote:

> "slimmy baddog" wrote:
>> I would strongly suggest that you don't use inetd for running services but
>> running all your services as daemons which is much faster for the system
>> and safer.
>
> That used to be the recommendation, back when 50MHz CPUs were the
> norm.  With 1 GHz and faster CPUs the difference between sshd and
> inetd starting a child sshd is in the millisecond range, i.e., impossible
> to distinguish by look and feel.


in fact, I've seen an Apple XServe (two G4 1GHz processors) running MacOS
X Server being DOSed by a remote Nagios probe testing its sshd once per
minute. On OSX, sshd runs from xinetd. The box used to need a hard reboot once
a day until the problem was identified and the Nagios probe was disabled.

my 2 cents.

patpro
-- 
I'm looking for a Mac/UNIX sysadmin position
(or a young, pretty and rich woman)
http://patpro.net/cv.php


