From owner-freebsd-security Sun Dec 5 10:43:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 6857015343 for ; Sun, 5 Dec 1999 10:43:07 -0800 (PST) (envelope-from green@FreeBSD.org)
Received: from localhost (green@localhost [127.0.0.1]) by green.dyndns.org (8.9.3/8.9.3) with ESMTP id NAA55280; Sun, 5 Dec 1999 13:42:57 -0500 (EST) (envelope-from green@FreeBSD.org)
Date: Sun, 5 Dec 1999 13:42:56 -0500 (EST)
From: Brian Fundakowski Feldman
X-Sender: green@green.dyndns.org
To: security@FreeBSD.org
Cc: markus@OpenBSD.org
Subject: Please review: OpenSSH rate-limiting
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In order to prevent DoS attacks from increasing system load, I've added a
"ConnectionsPerPeriod" setting to OpenSSH's sshd(8). I've now updated the
documentation, changed the sample configuration file to use a LoginGraceTime
of 1 minute and ConnectionsPerPeriod setting of 5 connections per 10 seconds,
in addition to the actual code which implements the rate-limiting.

If there are no obstructing objections, I'd like to commit it to the
OpenSSH port. Diffs relative to the current OpenSSH port can be found at
http://www.FreeBSD.org/~green/openssh.connectionsperperiod.patch

MD5 (openssh.connectionsperperiod.patch) = f42429503f29c073e3e5a835e95d8b02

Thanks in advance!

-- 
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
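
A sliding-window limiter of the kind a "5 connections per 10 seconds" setting implies, as an added example that is not part of the original message and is not the code in the referenced patch. The struct, function names and MAX_LIMIT are hypothetical, and a single limit shared by all peers is an assumption.

```c
#include <stdio.h>
#include <time.h>

#define MAX_LIMIT 64   /* assumed cap on connections per period */
/* Hypothetical limiter state: ring of the most recent accepted-connection times. */
struct conn_limiter {
    unsigned limit;            /* connections allowed per period, e.g. 5 */
    time_t period;             /* window length in seconds, e.g. 10 */
    time_t stamps[MAX_LIMIT];  /* accept times; oldest is overwritten first */
    unsigned count;            /* valid entries in stamps */
    unsigned next;             /* slot to write; holds the oldest entry once full */
};

/* Returns 0 on success, -1 if the setting is unusable. */
int limiter_init(struct conn_limiter *l, unsigned limit, time_t period)
{
    if (limit == 0 || limit > MAX_LIMIT || period <= 0)
        return -1;
    l->limit = limit;
    l->period = period;
    l->count = l->next = 0;
    return 0;
}

/* Returns 1 to accept (and record) a connection arriving at `now`, 0 to drop it
   before any costly per-connection work (fork, key exchange) is done. */
int limiter_allow(struct conn_limiter *l, time_t now)
{
    if (l->count == l->limit) {
        /* Full ring: the oldest accept must have left the window. */
        if (now - l->stamps[l->next] < l->period)
            return 0;          /* dropped attempts are not recorded */
    } else {
        l->count++;
    }
    l->stamps[l->next] = now;
    l->next = (l->next + 1) % l->limit;
    return 1;
}

int main(void)
{
    struct conn_limiter l;
    time_t t[] = {100, 100, 101, 102, 103, 104, 109, 110}; /* constructed arrivals */
    if (limiter_init(&l, 5, 10) != 0) return 1;
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("t=%ld %s\n", (long)t[i], limiter_allow(&l, t[i]) ? "accept" : "drop");
    return 0;
}
```

Because dropped attempts are not recorded, a sustained burst does not push the window forward. A limit shared by all peers bounds load on the host but does not distinguish between sources.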