From owner-freebsd-security@FreeBSD.ORG Sun Aug 20 21:20:32 2006
Return-Path:
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A35AC16A4FF for ; Sun, 20 Aug 2006 21:20:32 +0000 (UTC) (envelope-from dmitry@atlantis.dp.ua)
Received: from postman.atlantis.dp.ua (postman.atlantis.dp.ua [193.108.47.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8128B43D6E for ; Sun, 20 Aug 2006 21:19:40 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua)
Received: from atlantis.dp.ua (localhost [127.0.0.1]) by postman.atlantis.dp.ua (8.13.1/8.13.1) with ESMTP id k7KLJWrW081946; Mon, 21 Aug 2006 00:19:32 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua)
Received: from localhost (dmitry@localhost) by atlantis.dp.ua (8.13.1/8.13.1/Submit) with ESMTP id k7KLJRCv081926; Mon, 21 Aug 2006 00:19:32 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua)
Date: Mon, 21 Aug 2006 00:19:27 +0300 (EEST)
From: Dmitry Pryanishnikov
To: Pieter de Boer
In-Reply-To: <44E76B21.8000409@thedarkside.nl>
Message-ID: <20060821001221.T49962@atlantis.atlantis.dp.ua>
References: <44E76B21.8000409@thedarkside.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-security@freebsd.org
Subject: Re: SSH scans vs connection ratelimiting
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues [members-only posting]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 20 Aug 2006 21:20:32 -0000

Hello!

On Sat, 19 Aug 2006, Pieter de Boer wrote:

> For months now, we're all seeing repeated bruteforce attempts on SSH. I've
> configured my pf install to ratelimit TCP connections to port 22 and to

I wonder why OpenSSH still doesn't support the simple and nice feature of
SSH.COM's sshd2_config:

LoginGraceTime 60
AuthInteractiveFailureTimeout 10

These settings effectively cause robots to stop the scan for me. Every scan
attempt gives only 1..N failed attempts (where N = number of externally-reachable
and SSH-served IPs on the machine, if the robot is capable of simultaneously
scanning several IPs), so I can just ignore them.

Sincerely,
Dmitry

--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE
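As an added example (not from either poster in this thread), this is the kind of pf connection rate limiting on port 22 that the quoted message refers to; the interface name, the table name and the thresholds are assumptions chosen for illustration.

```conf
# Added pf.conf fragment (not from the thread); ext_if, the table name and
# the thresholds are assumptions for illustration.
ext_if = "em0"

# Sources that exceed the limits are collected here; "persist" keeps the
# table even when no loaded rule references it.
table <bruteforce> persist

# Drop anything from an address already marked as a brute-forcer.
block in quick on $ext_if from <bruteforce>

# Allow SSH, but track each source address: at most 10 concurrent
# connections and at most 3 new connections per 30 seconds. A source that
# exceeds either limit is added to <bruteforce> and all of its existing
# states are flushed, which ends any scan already in progress.
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/30, overload <bruteforce> flush global)
```

Entries stay in the table until removed, so run `pfctl -t bruteforce -T expire 86400` periodically (for example from cron) to release sources after a day, and inspect the current set with `pfctl -t bruteforce -T show`.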