Gentoo Archives: gentoo-user

From: Daniel da Veiga <danieldaveiga@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] [OT] Blocking only unsuccessful ssh connections
Date: Thu, 05 Oct 2006 18:17:54
Message-Id: 342e1090610051111j47a0bc7btac52c231a96f15ac@mail.gmail.com
In Reply to: [gentoo-user] [OT] Blocking only unsuccessful ssh connections by "José González Gómez"
1 On 10/5/06, José González Gómez <jgonzalez.openinput@×××××.com> wrote:
2 > Hi there,
3 >
4 > I've got a virtual private server hosted somewhere and they're blocking me
5 > because their intrusion detection system detects 10 ssh connections in less
6 > than 2 minutes from my current IP. My question is: is it possible for an
7 > intrusion detection system to differentiate between successful and
8 > unsuccessful ssh connections so they don't block me? Of course all my
9 > connections are successful.
10 >
11
12 As Hans-Werner already told you, there are better ways to detect
13 intrusion, and of course they could implement it in a way successful
14 connection would not cause the intrusion detect system to block you,
15 but its a bit more complicated and would involve the whole system,
16 wich most providers do not want/care to have and if they have, they
17 charge over it.
18
19 The questions here, if you don't want to argue with your host
20 provider, would be:
21 1) Is there another provider that does not have such limitation?
22 2) 10 connection in 2 minutes is a good config, why do you have so
23 many connections in so little time? Is there another way to do
24 whatever you're trying to do with less connections?
25
26 I've rewrote a complete system just so I would not have to discuss my
27 ISP security policies. I guess it was faster to change a few hundred
28 lines of code than to keep calling them on the phone to argue about it
29 (if I could, I would have changed ISP).
30
31 --
32 Daniel da Veiga
33 Computer Operator - RS - Brazil
34 -----BEGIN GEEK CODE BLOCK-----
35 Version: 3.1
36 GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
37 PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
38 ------END GEEK CODE BLOCK------
39
40 --
41 gentoo-user@g.o mailing list

Replies

Subject Author
Re: [gentoo-user] [OT] Blocking only unsuccessful ssh connections "José González Gómez" <jgonzalez.openinput@×××××.com>