Hi,

On Thu, 5 Oct 2006 17:33:15 +0200
"José González Gómez" <jgonzalez.openinput@×××××.com> wrote:

> I've got a virtual private server hosted somewhere and they're blocking me
> because their intrusion detection system detects 10 ssh connections in less
> than 2 minutes from my current IP. My question is: is it possible for an
> intrusion detection system to differentiate between successful and
> unsuccessful ssh connections so they don't block me? Of course all my
> connections are successful.

Well of course. It takes a bit more work, though. What are you trying?
Proving to the hoster that they could do better? I guess they know that
already (and are happy to bill you for better service).

In short: length of conversation would be an indication. Doesn't work
for simple firewalls that don't really work on full TCP streams. And I
guess that's the reason why your hoster doesn't opt for something more
elaborate.

Maybe you should just run ssh on a different port?

-hwh

--
gentoo-user@g.o mailing list
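
The idea from the reply above (conversation length as an indication), as an added example that is not part of the original message: a sliding-window counter using the 10-connections-in-2-minutes rule from the question, run once over every connection and once over short ones only. The flow records, the `SHORT_SECONDS`/`SHORT_BYTES` cut-offs and all names are assumptions for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_S = 120   # "less than 2 minutes", from the original question
MAX_CONNS = 10   # "10 ssh connections", from the original question
# Assumed cut-offs for a "short conversation"; tune against real traffic.
SHORT_SECONDS = 15.0
SHORT_BYTES = 6000

@dataclass
class Flow:
    src: str
    start: float     # seconds since the start of the capture
    duration: float  # seconds until the TCP connection closed
    nbytes: int      # payload bytes, both directions

def is_short(flow):
    """Closed quickly after little data: probably never reached a session."""
    return flow.duration < SHORT_SECONDS and flow.nbytes < SHORT_BYTES

def blocked_sources(flows, only_short):
    """Sources with at least MAX_CONNS counted connections inside WINDOW_S."""
    recent = defaultdict(deque)
    blocked = set()
    for f in sorted(flows, key=lambda f: f.start):
        if only_short and not is_short(f):
            continue  # a long conversation is not counted against the source
        q = recent[f.src]
        q.append(f.start)
        while f.start - q[0] >= WINDOW_S:
            q.popleft()  # drop connections that fell out of the window
        if len(q) >= MAX_CONNS:
            blocked.add(f.src)
    return blocked

# Constructed sample data (documentation addresses, made-up sizes).
ADMIN = [Flow("192.0.2.10", 10.0 * i, 45.0, 40_000) for i in range(10)]
GUESSER = [Flow("198.51.100.7", 3.0 * i, 2.5, 3_200) for i in range(12)]
SAMPLE = ADMIN + GUESSER

if __name__ == "__main__":
    print("count every connection:",
          sorted(blocked_sources(SAMPLE, only_short=False)))
    print("count short ones only: ",
          sorted(blocked_sources(SAMPLE, only_short=True)))
```

Length is only an indication: a successful session that runs a single quick command can be as short as a failed login, so the cut-offs decide how many legitimate connections still get counted.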