| 1 |
Hi, |
| 2 |
|
| 3 |
On Thu, 5 Oct 2006 17:33:15 +0200 |
| 4 |
"José González Gómez" <jgonzalez.openinput@×××××.com> wrote: |
| 5 |
|
| 6 |
> I've got a virtual private server hosted somewhere and they're blocking me |
| 7 |
> because their intrusion detection system detects 10 ssh connections in less |
| 8 |
> than 2 minutes from my current IP. My question is: is it possible for an |
| 9 |
> intrusion detection system to differentiate between successful and |
| 10 |
> unsuccessful ssh connections so they don't block me? Of course all my |
| 11 |
> connections are successful. |
| 12 |
|
| 13 |
Well of course. It takes a bit more work, though. What are you trying? |
| 14 |
Proving to the hoster that they could do better? I guess they know that |
| 15 |
already (and are happy to bill you for better service). |
| 16 |
|
| 17 |
In short: length of conversation would be an indication. Doesn't work |
| 18 |
for simple firewalls that don't really work on full TCP streams. And I |
| 19 |
guess that's the reason why your hoster doesn't opt for something more |
| 20 |
elaborated. |
| 21 |
|
| 22 |
Maybe you should just run ssh on a different port? |
| 23 |
|
| 24 |
-hwh |
| 25 |
|
| 26 |
-- |
| 27 |
gentoo-user@g.o mailing list |
Archives