Re: rate limiting sshd connections ?
On 11 mai 2004, at 22:27, Roger Marquis wrote:
> "slimmy baddog" wrote:
>> I would strognly suggest that you dont use inetd for running services
>> but
>> running all your services as daemons wich is much faster for the
>> system
>> and safer.
>
> That used to be the recommendation, back when 50MHz CPUs were the
> norm. With 1 GHz and faster CPUs the difference between sshd and
> inetd starting a child sshd is in the millisecond range i.e, impossible
> to distinguish by look and feel.
in fact, I've seen an Apple XServe (two G4 1GHz processors) running
MacOS
X Server beeing DOSed by a remote Nagios probe testing it's sshd once
per
minute. On OSX, sshd runs from xinetd. The box used to need hard reboot
once
a day until the problem was identified and the nagios probe was
disabled.
my 2 cents.
patpro
--
je cherche un poste d'admin-sys Mac/UNIX
(ou une jeune et jolie femme riche)
http://patpro.net/cv.php
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 8 之 11 篇):