1 |
Hi |
2 |
|
3 |
2006/10/5, Hans-Werner Hilse <hilse@×××.de>: |
4 |
> |
5 |
> Hi, |
6 |
> |
7 |
> On Thu, 5 Oct 2006 17:33:15 +0200 |
8 |
> "José González Gómez" <jgonzalez.openinput@×××××.com> wrote: |
9 |
> |
10 |
> > I've got a virtual private server hosted somewhere and they're blocking |
11 |
> me |
12 |
> > because their intrusion detection system detects 10 ssh connections in |
13 |
> less |
14 |
> > than 2 minutes from my current IP. My question is: is it possible for an |
15 |
> > intrusion detection system to differentiate between successful and |
16 |
> > unsuccessful ssh connections so they don't block me? Of course all my |
17 |
> > connections are successful. |
18 |
> |
19 |
> Well of course. It takes a bit more work, though. What are you trying? |
20 |
> Proving to the hoster that they could do better? I guess they know that |
21 |
> already (and are happy to bill you for better service). |
22 |
|
23 |
|
24 |
I'm just trying to decide if I should keep my current hoster and find out if |
25 |
this is common practice among hosters. |
26 |
|
27 |
In short: length of conversation would be an indication. Doesn't work |
28 |
> for simple firewalls that don't really work on full TCP streams. And I |
29 |
> guess that's the reason why your hoster doesn't opt for something more |
30 |
> elaborated. |
31 |
> |
32 |
> Maybe you should just run ssh on a different port? |
33 |
> |
34 |
|
35 |
Thanks for the idea, I'll take it into account. |
36 |
|
37 |
Best regards |
38 |
Jose |