From owner-freebsd-security Mon Dec 4 16:49:36 2000
From owner-freebsd-security@FreeBSD.ORG Mon Dec 4 16:49:34 2000
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from earth.backplane.com (placeholder-dcat-1076843399.broadbandoffice.net [64.47.83.135])
	by hub.freebsd.org (Postfix) with ESMTP id A21C537B400
	for ; Mon, 4 Dec 2000 16:49:34 -0800 (PST)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.1/8.9.3) id eB50nWg78677;
	Mon, 4 Dec 2000 16:49:32 -0800 (PST)
	(envelope-from dillon)
Date: Mon, 4 Dec 2000 16:49:32 -0800 (PST)
From: Matt Dillon
Message-Id: <200012050049.eB50nWg78677@earth.backplane.com>
To: "David G. Andersen"
Cc: JHowie@msn.com (John Howie), freebsd-security@FreeBSD.ORG
Subject: Re: Fw: NAPTHA Advisory Updated - BindView RAZOR
References: <200012050043.RAA27046@faith.cs.utah.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:This isn't a FreeBSD failure per se, but a resource control
:failure. Whether you want to point a finger at FreeBSD, ssh, or the
:operator of the box is entirely up to you. :-)
:

    I was under the impression that you could limit ssh's connection
    acceptance rate in sshd_config.

    # Rate-limit sshd connections to 5 connections per 10 seconds
    ConnectionsPerPeriod 5/10

    Not only that, but it's turned on by default. You can also do the
    same thing with services run from inetd with appropriate options to
    inetd. It isn't perfect, but it should be sufficient.

					-Matt
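
Added example, not part of the original message and not sshd's or inetd's own code: a small model of what a "5/10" connection limit does to a burst of incoming connections. The sliding-window accounting, the names parse_rate, ConnectionLimiter and replay, and the arrival times are all assumptions made for illustration; the message does not say how sshd counts the period.

```python
from collections import deque


def parse_rate(spec):
    """Parse an 'N/P' value (N connections per P seconds), e.g. '5/10'."""
    count, sep, period = spec.partition("/")
    if not sep or not count.isdigit() or not period.isdigit():
        raise ValueError(f"bad rate spec: {spec!r}")
    count, period = int(count), int(period)
    if count < 1 or period < 1:
        raise ValueError(f"rate and period must be positive: {spec!r}")
    return count, period


class ConnectionLimiter:
    """Accept at most `limit` connections in any `period`-second window.

    Assumption: a sliding window over accepted connections. The real
    daemon may count differently (for example, in fixed intervals).
    """

    def __init__(self, spec):
        self.limit, self.period = parse_rate(spec)
        self.accepted = deque()  # timestamps of connections we let through

    def allow(self, now):
        # Forget accepted connections that have aged out of the window.
        while self.accepted and now - self.accepted[0] >= self.period:
            self.accepted.popleft()
        if len(self.accepted) >= self.limit:
            return False  # over the limit: refuse instead of forking a child
        self.accepted.append(now)
        return True


def replay(spec, arrivals):
    """Return (timestamp, accepted?) for each arrival time, in order."""
    limiter = ConnectionLimiter(spec)
    return [(t, limiter.allow(t)) for t in arrivals]


# Constructed arrival times in seconds: a burst of 8, then stragglers.
SAMPLE_ARRIVALS = [0.0, 0.5, 1.0, 1.5, 2.0, 2.5, 3.0, 3.5, 9.9, 10.0, 10.4, 12.0]

if __name__ == "__main__":
    for t, ok in replay("5/10", SAMPLE_ARRIVALS):
        print(f"t={t:5.1f}s  {'accept' if ok else 'refuse'}")
```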