From: "Dave Raven"
To: "Kevin Kinsey"
Subject: Re: Repost: txt only: maxstartups in sshd_config
Date: Sat, 5 Jan 2002 23:34:57 +0200

That's a rather odd setting. It would allow 4 connections, then drop 50%
of the new ones until it reaches 25. Then stop accepting. It is good to
prevent any attempts at some sort of denial of service attack. All logins
are treated the same; so you would be locked out. But would you not be
locked out if someone managed to crash your box with a ton of ssh
connections?

----- Original Message -----
From: "Kevin Kinsey"
To:
Sent: Saturday, January 05, 2002 10:17 PM
Subject: Repost: txt only: maxstartups in sshd_config

> Sorry, upgraded M$ OE last night and forgot
> to tell it txt only when dealing with freebsd.org....
>
> ----- Original Message -----
> From: Kevin Kinsey
> To: freebsd-security@freebsd.org
> Sent: Saturday, January 05, 2002 2:14 PM
> Subject: maxstartups in sshd_config
>
>
> Considering setting mentioned variable more
> in the neighborhood of 4:50:25.
>
> However, the question that occurs is, if someone
> is trying to log in w/o authorization, wouldn't
> the daemon treat my login attempts in the same
> way? How likely would I be to have trouble logging
> in if I set this to this value?
>
> Also, what am I not thinking of, and is there
> really any benefit anyway?
>
> TIA, Kevin Kinsey
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
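
The 4:50:25 setting discussed in this thread, as an added example that is not part of either message and not OpenSSH's own code: a small model of the start:rate:full ramp as sshd_config(5) describes it, where new connections are refused with probability rate% once `start` connections are unauthenticated, rising linearly to 100% at `full`. The function names and the fixed-load retry estimate are assumptions of this sketch.

```python
"""Model of the MaxStartups start:rate:full ramp (added example, not OpenSSH code)."""


def parse_max_startups(value):
    """Parse 'start:rate:full'; a bare 'N' is a hard limit of N."""
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        start, rate, full = parts[0], 100, parts[0]
    elif len(parts) == 3:
        start, rate, full = parts
    else:
        raise ValueError("expected N or start:rate:full")
    if not (0 < start <= full and 1 <= rate <= 100):
        raise ValueError("need 0 < start <= full and 1 <= rate <= 100")
    return start, rate, full


def drop_percent(unauth, start, rate, full):
    """Percent chance a new connection is refused while `unauth`
    connections are still unauthenticated."""
    if unauth < start:
        return 0
    if unauth >= full or rate == 100:
        return 100
    # Linear ramp: `rate` percent at `start`, 100 percent at `full`.
    return rate + (100 - rate) * (unauth - start) // (full - start)


def chance_of_getting_in(unauth, tries, start, rate, full):
    """Probability that at least one of `tries` connection attempts is
    accepted, assuming the pending-connection count stays at `unauth`
    (a simplifying assumption of this sketch)."""
    refused = drop_percent(unauth, start, rate, full) / 100
    return 1 - refused ** tries


if __name__ == "__main__":
    limits = parse_max_startups("4:50:25")  # value from the thread
    for unauth in (0, 3, 4, 10, 14, 24, 25):  # constructed load levels
        print(f"{unauth:2d} pending: refuse {drop_percent(unauth, *limits):3d}%, "
              f"3 tries succeed {chance_of_getting_in(unauth, 3, *limits):.3f}")
```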