From owner-freebsd-security@FreeBSD.ORG  Wed May 12 00:41:13 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 95EDE16A4CE
	for <freebsd-security@freebsd.org>;
	Wed, 12 May 2004 00:41:13 -0700 (PDT)
Received: from boleskine.patpro.net (boleskine.patpro.net [62.4.20.155])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3447943D4C
	for <freebsd-security@freebsd.org>;
	Wed, 12 May 2004 00:41:13 -0700 (PDT)
	(envelope-from patpro@patpro.net)
Received: from [192.168.0.1] (cassandre [192.168.0.1])
	by boleskine.patpro.net (Postfix) with ESMTP
	id F1DE11A9; Wed, 12 May 2004 09:41:14 +0200 (CEST)
In-Reply-To: <20040512040819.024F92C6A0@mx5.roble.com>
References: <20040511190058.A8FC516A4DB@hub.freebsd.org>
	<20040511202707.C40492C6A0@mx5.roble.com>
	<F7B884F8-A38A-11D8-AAAF-0030654D97EC@patpro.net>
	<20040512040819.024F92C6A0@mx5.roble.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <BA7B6705-A3E7-11D8-BA1C-0030654D97EC@patpro.net>
Content-Transfer-Encoding: 7bit
From: Patrick Proniewski <patpro@patpro.net>
Date: Wed, 12 May 2004 09:41:06 +0200
To: Roger Marquis <marquis@roble.com>
X-Mailer: Apple Mail (2.613)
cc: freebsd-security@freebsd.org
Subject: Re: rate limiting sshd connections ?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2004 07:41:13 -0000

On 12 mai 2004, at 06:08, Roger Marquis wrote:

>> in fact, I've seen an Apple XServe (two G4 1GHz processors) running
>> MacOS X Server beeing DOSed by a remote Nagios probe testing it's
>> sshd once per minute.
>
> Once per minute?  That's extremely unusual.  Do you mean once per
> second?

yes, once per minute, but the box is pretty loaded on the apache front


>> On OSX, sshd runs from xinetd.
>
> Sounds like a configuration issue.

like many things on OSXS (for example bind running as root and not 
chrooted...)


patpro
-- 
je cherche un poste d'admin-sys Mac/UNIX
(ou une jeune et jolie femme riche)
http://patpro.net/cv.php