On 10/5/06, José González Gómez <jgonzalez.openinput@×××××.com> wrote:
> Hi there,
>
> I've got a virtual private server hosted somewhere and they're blocking me
> because their intrusion detection system detects 10 ssh connections in less
> than 2 minutes from my current IP. My question is: is it possible for an
> intrusion detection system to differentiate between successful and
> unsuccessful ssh connections so they don't block me? Of course all my
> connections are successful.
>

As Hans-Werner already told you, there are better ways to detect
intrusion, and of course they could implement it in a way that a successful
connection would not cause the intrusion detection system to block you,
but it's a bit more complicated and would involve the whole system,
which most providers do not want/care to have and if they have, they
charge for it.

The questions here, if you don't want to argue with your host
provider, would be:
1) Is there another provider that does not have such a limitation?
2) 10 connections in 2 minutes is a good config, why do you have so
many connections in so little time? Is there another way to do
whatever you're trying to do with fewer connections?

I rewrote a complete system just so I would not have to discuss my
ISP's security policies. I guess it was faster to change a few hundred
lines of code than to keep calling them on the phone to argue about it
(if I could, I would have changed ISP).

--
Daniel da Veiga
Computer Operator - RS - Brazil
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
------END GEEK CODE BLOCK------

--
gentoo-user@g.o mailing list
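
Added example, not part of the original message: the distinction asked about in this thread, shown as two rules run over the same log, one counting every ssh connection per source IP and one counting only failed authentications, both with the 10-in-2-minutes threshold mentioned above. It assumes OpenSSH-style "Accepted"/"Failed" auth log lines; the host name, user names, IP addresses and log lines are constructed, and the year is supplied because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 120   # "less than 2 minutes", from the thread
THRESHOLD = 10         # "10 ssh connections", from the thread

# OpenSSH auth log messages: "Accepted <method> for ..." / "Failed <method> for ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

def flagged_ips(lines, failures_only, year=2006):
    """Return the source IPs that reach THRESHOLD counted events inside the window."""
    recent = defaultdict(deque)   # ip -> timestamps of counted events
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        if failures_only and m["result"] != "Failed":
            continue              # a successful login is not evidence of guessing
        # syslog timestamps carry no year, so one is supplied (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= WINDOW_SECONDS:
            q.popleft()           # drop events that fell out of the window
        if len(q) >= THRESHOLD:
            flagged.add(m["ip"])
    return flagged

def sample_log():
    """Constructed log: one user logging in 10 times, one host failing 10 times."""
    lines = []
    for i in range(10):
        s = i * 10
        ts = f"Oct  5 10:{s // 60:02d}:{s % 60:02d}"
        lines.append(f"{ts} vps sshd[{2000 + i}]: Accepted publickey for alice "
                     f"from 192.0.2.10 port {40000 + i} ssh2")
        lines.append(f"{ts} vps sshd[{3000 + i}]: Failed password for invalid user admin "
                     f"from 198.51.100.7 port {50000 + i} ssh2")
    return lines
```

With `failures_only=False` both addresses are flagged, which is the behaviour described in the quoted question; with `failures_only=True` only the address producing failed logins is.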