On Tue, 13 Sep 2011 17:14:02 -0400, Jim Henderson wrote:
>> So how do you prevent somebody connecting to your server a thousand
>> times per second and feeding it duff credentials, thereby preventing
>> any legitimate users logging in, and wasting lots of CPU power?
>
> On my system, I use a tool called blockhosts. After 5 failed attempts,
> the portmapper won't allow them to connect to the service any more -
> which slows them down (because it doesn't send an ack) and allows legit
> users to log in - even on the same port/service - and doesn't waste any
> CPU power at all.
Additionally, if I wanted to be more secure on my system, I could run sshd
on a non-standard port (or forward from a non-standard port in my
firewall). Then they have to find the service first, and most of the
scripts that do that won't bother, because there are easier targets.
Jim
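
The threshold blocking described in the post, as an added sketch that is not part of the original message and is not blockhosts' own code: it counts failed sshd logins per source address and renders TCP-wrappers deny rules once an address reaches five failures. The log line format, the rule syntax and all function names are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter

MAX_FAILURES = 5  # threshold quoted in the post

# Greedy user field plus end-of-line anchor: the address taken is always the
# last "from <ip> port <n> ssh2", so text inside an attempted username cannot
# be mistaken for the source address and get a legitimate host blocked.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def hosts_to_block(log_lines, max_failures=MAX_FAILURES):
    """Return source addresses with at least max_failures failed logins."""
    failures = Counter()
    for line in log_lines:
        m = FAILED.search(line.rstrip())
        if m:
            failures[m.group(1)] += 1
    return sorted(ip for ip, n in failures.items() if n >= max_failures)

def deny_rules(ips, daemon="sshd"):
    """Render TCP-wrappers style rules (assumed hosts.allow 'deny' option)."""
    return [f"{daemon}: {ip} : deny" for ip in ips]

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = (
    [f"Sep 13 17:00:0{i} host sshd[210{i}]: Failed password for invalid user "
     f"admin from 203.0.113.7 port 4000{i} ssh2" for i in range(5)]
    + [
        # One typo by a legitimate user, followed by a successful login.
        "Sep 13 17:01:00 host sshd[2200]: Failed password for jim "
        "from 198.51.100.9 port 50122 ssh2",
        "Sep 13 17:01:05 host sshd[2201]: Accepted password for jim "
        "from 198.51.100.9 port 50123 ssh2",
        # Username field that itself contains an address; source is 192.0.2.44.
        "Sep 13 17:02:00 host sshd[2300]: Failed password for invalid user "
        "x from 198.51.100.9 port 1 ssh2 from 192.0.2.44 port 41000 ssh2",
    ]
)

if __name__ == "__main__":
    for rule in deny_rules(hosts_to_block(SAMPLE_LOG)):
        print(rule)
```

Only the address with five failures is blocked; the legitimate user's single failed attempt from another address stays below the threshold.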