| 1 |
Hi |
| 2 |
|
| 3 |
2006/10/5, Hans-Werner Hilse <hilse@×××.de>: |
| 4 |
> |
| 5 |
> Hi, |
| 6 |
> |
| 7 |
> On Thu, 5 Oct 2006 17:33:15 +0200 |
| 8 |
> "José González Gómez" <jgonzalez.openinput@×××××.com> wrote: |
| 9 |
> |
| 10 |
> > I've got a virtual private server hosted somewhere and they're blocking |
| 11 |
> me |
| 12 |
> > because their intrusion detection system detects 10 ssh connections in |
| 13 |
> less |
| 14 |
> > than 2 minutes from my current IP. My question is: is it possible for an |
| 15 |
> > intrusion detection system to differentiate between successful and |
| 16 |
> > unsuccessful ssh connections so they don't block me? Of course all my |
| 17 |
> > connections are successful. |
| 18 |
> |
| 19 |
> Well of course. It takes a bit more work, though. What are you trying? |
| 20 |
> Proving to the hoster that they could do better? I guess they know that |
| 21 |
> already (and are happy to bill you for better service). |
| 22 |
|
| 23 |
|
| 24 |
I'm just trying to decide if I should keep my current hoster and find out if |
| 25 |
this is common practice among hosters. |
| 26 |
|
| 27 |
In short: length of conversation would be an indication. Doesn't work |
| 28 |
> for simple firewalls that don't really work on full TCP streams. And I |
| 29 |
> guess that's the reason why your hoster doesn't opt for something more |
| 30 |
> elaborated. |
| 31 |
> |
| 32 |
> Maybe you should just run ssh on a different port? |
| 33 |
> |
| 34 |
|
| 35 |
Thanks for the idea, I'll take it into account. |
| 36 |
|
| 37 |
Best regards |
| 38 |
Jose |
Archives