Re: Growing sshd process count

To: netbsd-users%netbsd.org@localhost
Subject: Re: Growing sshd process count
From: Michael van Elst <mlelstv%serpens.de@localhost>
Date: Sat, 8 Oct 2022 09:40:48 +0200

On Sat, Oct 08, 2022 at 07:51:48AM +0530, Mayuresh wrote:
> On Fri, Oct 07, 2022 at 02:14:09PM -0000, Michael van Elst wrote:
> > Someone is brute-forcing your account passwords.
> 
> Thanks. I think blacklistd is protecting me.
> 
> But doesn't this qualify as a DDOS attack? The VPS provider (Hetzner)
> claims to provide DDOS protection. Shouldn't it have triggered in this
> scenario?

No idea what kind of protection Hetzner is offering. But such attacks
rarely qualify as DDOS, it's usually a single bot that does rapid login
attempts. Sometimes you have several concurrent independent attacks.

If you have a slow machine, blacklistd might not be sufficient. The
login attempt times out before sshd can check the password and trigger
the blacklist entry.

Greetings,
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

Follow-Ups:
- Re: Growing sshd process count
  - From: Martin Husemann

References:
- Growing sshd process count
  - From: Mayuresh
- Re: Growing sshd process count
  - From: Michael van Elst
- Re: Growing sshd process count
  - From: Mayuresh

Prev by Date: Re: Growing sshd process count
Next by Date: Re: Growing sshd process count
Previous by Thread: Re: Growing sshd process count
Next by Thread: Re: Growing sshd process count
Indexes:

Home | Main Index | Thread Index | Old Index