From owner-freebsd-current@FreeBSD.ORG  Fri Aug  1 19:29:54 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 620FA106566C
	for <freebsd-current@freebsd.org>; Fri,  1 Aug 2008 19:29:54 +0000 (UTC)
	(envelope-from jolly@mail.thecoffinclub.com)
Received: from mail.thecoffinclub.com (thecoffinclub.com [200.46.208.155])
	by mx1.freebsd.org (Postfix) with ESMTP id 007CC8FC0C
	for <freebsd-current@freebsd.org>; Fri,  1 Aug 2008 19:29:53 +0000 (UTC)
	(envelope-from jolly@mail.thecoffinclub.com)
Received: from localhost (unknown [200.46.208.211])
	by mail.thecoffinclub.com (Postfix) with ESMTP id DCBB684B020
	for <freebsd-current@freebsd.org>; Fri,  1 Aug 2008 19:09:55 +0000 (UTC)
Received: from mail.thecoffinclub.com ([200.46.208.155])
	by localhost (mx1.hub.org [200.46.208.211]) (amavisd-maia, port 10024)
	with ESMTP id 11271-10 for <freebsd-current@freebsd.org>;
	Fri,  1 Aug 2008 16:09:55 -0300 (ADT)
Received: by mail.thecoffinclub.com (Postfix, from userid 1004)
	id 8581184B012; Fri,  1 Aug 2008 19:09:54 +0000 (UTC)
Date: Fri, 1 Aug 2008 15:09:42 -0400
From: Jacob Frelinger <jolly@thecoffinclub.com>
To: freebsd-current@freebsd.org
Message-ID: <20080801150942.1aa5e505@thecoffinclub.com>
In-Reply-To: <EB0526E758E4764B9B5186295C5790C901A7D094@PUEXCBJ0.nanterre.francetelecom.fr>
References: <EB0526E758E4764B9B5186295C5790C901A7CF4E@PUEXCBJ0.nanterre.francetelecom.fr>
	<20080801121004.GO99951@hoeg.nl>
	<20080801122640.GH97161@deviant.kiev.zoral.com.ua>
	<EB0526E758E4764B9B5186295C5790C901A7D094@PUEXCBJ0.nanterre.francetelecom.fr>
X-Mailer: Claws Mail 3.5.0 (GTK+ 2.12.11; i386-portbld-freebsd7.0)
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="Sig_/eI_Z_bQxT4Mvh1EQ/Slqxwr";
	protocol="application/pgp-signature"; micalg=PGP-SHA1
Subject: Re: [BSD6] SSH Restriction
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Aug 2008 19:29:54 -0000

--Sig_/eI_Z_bQxT4Mvh1EQ/Slqxwr
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Fri, 1 Aug 2008 14:36:07 +0200
<karim.bourenane@orange-ftgroup.com> wrote:

>=20
> For exactly description.=20
>=20
> We have one user (robot) connect on server with ssh command and
> telnet argment to access on some router. The connection is not closed
> and cleaned properly. Also the CPU increases dangerously.

would limiting the number of connections via ipfw work?
I've used it to stop spammers from hammering on mail servers and
zombied hosts from hammering on ssh servers.


--=20
Jacob "I'm Brainy For Zombie Pops" Frelinger=20
Jolly at TheCoffinClub dot Com=20
http://www.thecoffinclub.com=20

--Sig_/eI_Z_bQxT4Mvh1EQ/Slqxwr
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iD8DBQFIk192O887GYmMIQIRAkGTAJ9GeFgbLW+rmu22T321HmS39i2hKQCg5dke
oX+tVuUYnELRlP7WSlBQrq4=
=2qWA
-----END PGP SIGNATURE-----

--Sig_/eI_Z_bQxT4Mvh1EQ/Slqxwr--