From owner-freebsd-stable@FreeBSD.ORG Fri Feb 17 19:51:17 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD9D916A420; Fri, 17 Feb 2006 19:51:17 +0000 (GMT) (envelope-from mike@sentex.net)
Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [64.7.153.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4986843D46; Fri, 17 Feb 2006 19:51:17 +0000 (GMT) (envelope-from mike@sentex.net)
Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by smarthost1.sentex.ca (8.13.4/8.13.4) with ESMTP id k1HJp4nO070172; Fri, 17 Feb 2006 14:51:06 -0500 (EST) (envelope-from mike@sentex.net)
Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.13.3/8.13.3) with ESMTP id k1HJp20w022615 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 17 Feb 2006 14:51:02 -0500 (EST) (envelope-from mike@sentex.net)
Message-Id: <6.2.3.4.0.20060217144657.08e16cc8@64.7.153.2>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4
Date: Fri, 17 Feb 2006 14:50:57 -0500
From: Mike Tancsa
To: Atanas
Cc: freebsd-stable@freebsd.org
Subject: Re: SSH login takes very long time...sometimes
In-Reply-To: <43F5322C.1090603@asd.aplus.net>
References: <59e2ee810512250841t75157e62rec9dc389ac716534@mail.gmail.com> <20051227101621.GA16276@walton.maths.tcd.ie> <86irrfoix5.fsf@xps.des.no> <43F4E3B0.1090806@asd.aplus.net> <43F514BD.608@cytexbg.com> <43F5322C.1090603@asd.aplus.net>
List-Id: Production branch of FreeBSD source code

At 09:17 PM 16/02/2006, Atanas wrote:
>Does anybody know whether ipfw (or something else within FreeBSD-4)
>is capable of setting connection rate limits?

Why not just launch sshd out of inetd?  Start up inetd with

    -wWl -C 5

In inetd.conf:

    ssh stream tcp nowait root /usr/sbin/sshd /usr/sbin/sshd -i

This will allow 5 connections per min from a single IP. On one of my web
servers, I see for example

Feb 9 13:34:48 vinyl inetd[124]: ssh from 61.71.72.164 exceeded counts/min (limit 10/min)
Feb 9 15:36:22 vinyl inetd[124]: ssh from 61.235.76.190 exceeded counts/min (limit 10/min)
Feb 10 05:50:08 vinyl inetd[124]: ssh from 125.246.241.133 exceeded counts/min (limit 10/min)
Feb 10 11:11:30 vinyl inetd[124]: ssh from 221.143.43.243 exceeded counts/min (limit 10/min)
Feb 10 11:22:21 vinyl inetd[124]: ssh from 221.143.43.243 exceeded counts/min (limit 10/min)
Feb 10 14:49:13 vinyl inetd[124]: ssh from 218.246.34.133 exceeded counts/min (limit 10/min)
Feb 10 21:40:50 vinyl inetd[124]: ssh from 211.41.229.83 exceeded counts/min (limit 10/min)
Feb 11 16:24:36 vinyl inetd[124]: ssh from 211.71.97.26 exceeded counts/min (limit 10/min)
Feb 12 05:54:37 vinyl inetd[124]: ssh from 64.71.164.105 exceeded counts/min (limit 10/min)
Feb 12 05:54:57 vinyl inetd[124]: ssh from 212.205.97.25 exceeded counts/min (limit 10/min)
Feb 12 06:23:52 vinyl inetd[124]: ssh from 61.62.0.139 exceeded counts/min (limit 10/min)
Feb 12 11:54:43 vinyl inetd[124]: ssh from 202.64.253.156 exceeded counts/min (limit 10/min)
Feb 12 22:19:22 vinyl inetd[124]: ssh from 69.57.160.138 exceeded counts/min (limit 10/min)
Feb 13 07:23:41 vinyl inetd[124]: ssh from 61.155.9.172 exceeded counts/min (limit 10/min)
Feb 13 07:54:34 vinyl inetd[124]: ssh from 210.0.200.7 exceeded counts/min (limit 10/min)
Feb 13 10:12:59 vinyl inetd[124]: ssh from 63.79.13.145 exceeded counts/min (limit 10/min)
Feb 13 11:43:05 vinyl inetd[124]: ssh from 64.7.152.228 exceeded counts/min (limit 10/min)
Feb 13 14:36:17 vinyl inetd[124]: ssh from 210.117.187.175 exceeded counts/min (limit 10/min)
Feb 14 06:51:37 vinyl inetd[124]: ssh from 195.56.96.182 exceeded counts/min (limit 10/min)

It's good enough to make those pesky scripts move along.

    ---Mike
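The message above shows inetd's per-source rate limit (-C) logging each address that trips it. The following is an added example, not code from Mike's post or from FreeBSD: a small POSIX sh script that turns a batch of those "exceeded counts/min" syslog lines into a per-address tally and, as an optional follow-up that the post does not describe, emits hosts.allow(5) deny rules for repeat offenders (because inetd is started with -w, sshd run from inetd is subject to TCP wrappers). The log lines embedded in the script are constructed to match the format in the post; the rc.conf lines and the threshold of two hits are illustrative assumptions, not something the post states.

```shell
#!/bin/sh
# Added example (not from the original post). Summarise which source
# addresses tripped inetd's per-IP connection-rate limit, from syslog lines
# in the format the post quotes.
#
# The setup the post describes, for reference. The rc.conf lines are an
# assumption about how the flags would normally be set on FreeBSD:
#   /etc/rc.conf:    inetd_enable="YES"
#                    inetd_flags="-wWl -C 5"
#   /etc/inetd.conf: ssh stream tcp nowait root /usr/sbin/sshd /usr/sbin/sshd -i

# Constructed sample log. The sshd line is there to show that only inetd's
# rate-limit message is counted; ordinary sshd lines are ignored.
SAMPLE_LOG='Feb  9 13:34:48 vinyl inetd[124]: ssh from 61.71.72.164 exceeded counts/min (limit 10/min)
Feb 10 11:11:30 vinyl inetd[124]: ssh from 221.143.43.243 exceeded counts/min (limit 10/min)
Feb 10 11:22:21 vinyl inetd[124]: ssh from 221.143.43.243 exceeded counts/min (limit 10/min)
Feb 12 05:54:37 vinyl sshd[812]: Accepted publickey for mike from 192.0.2.10 port 4242 ssh2
Feb 14 06:51:37 vinyl inetd[124]: ssh from 195.56.96.182 exceeded counts/min (limit 10/min)'

# rate_limit_offenders: read syslog text on stdin, print "count ip" for every
# address that tripped the ssh rate limit, most frequent first (ties broken
# by address string so the output is stable).
rate_limit_offenders() {
    awk '/inetd\[[0-9]+\]: ssh from [0-9.]+ exceeded counts\/min/ {
             for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
         }
         END { for (ip in n) print n[ip], ip }' |
    sort -k1,1nr -k2,2
}

# hosts_allow_deny_rules THRESHOLD: read syslog text on stdin and emit a
# hosts.allow(5) deny rule for each address that tripped the limit at least
# THRESHOLD times. The daemon name is "sshd" because inetd -w wraps the
# service under the server program's name. Review the output before
# appending it to /etc/hosts.allow; the default threshold of 2 is an
# illustrative choice, not from the post.
hosts_allow_deny_rules() {
    threshold=${1:-2}
    rate_limit_offenders |
    awk -v t="$threshold" '$1 >= t { printf "sshd : %s : deny\n", $2 }'
}

# Example usage on the constructed sample (e.g. for real data, replace with
# grep 'exceeded counts/min' /var/log/messages | rate_limit_offenders).
printf '%s\n' "$SAMPLE_LOG" | rate_limit_offenders
printf '%s\n' "$SAMPLE_LOG" | hosts_allow_deny_rules 2
```

On the sample input the tally prints 221.143.43.243 first with two hits, the two single-hit addresses after it, and the sshd "Accepted publickey" line contributes nothing; the deny-rule pass then emits only the repeat offender.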