Subject: Re: Interesting security discovery.
To: Alex Pelts <alexp@broadcom.com>
From: Daniel Carosone <dan@geek.com.au>
List: tech-security
Date: 09/14/2006 09:31:37
--ngluH3DisTFy0Cjl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Sep 13, 2006 at 02:38:56PM -0700, Alex Pelts wrote:
> I was trying to improve on my banhosts utility and while searching for=20
> possible features I found this page=20
> http://tdot.blog-city.com/securing_ssh_with_denyhosts.htm
>=20
> This solution maybe not appropriate for hosts with high number of ssh=20
> users but for http/ftp/game servers it will make password guessing very=
=20
> time consuming.

You're opening yourself to denial of service, if someone opens many
ssh logins to you in parallel.

--
Dan.

--ngluH3DisTFy0Cjl
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (NetBSD)

iD8DBQFFCJTZEAVxvV4N66cRAjjDAKCNmN7G5EWaCsql+rVAO0qyfRBcAACg6Vn2
/ppakzMvE2qJTnjWokJzWb0=
=2Sh2
-----END PGP SIGNATURE-----

--ngluH3DisTFy0Cjl--