Linux

5326 readers

194 users here now

A community for everything relating to the linux operating system

Also check out [email protected]

Original icon base courtesy of [email protected] and The GIMP

founded 1 year ago

MODERATORS

Ategon

anzo

dwraf_of_ignorance

OpenSSH introduces options to penalize undesirable behavior (undeadly.org)

submitted 5 months ago by [email protected] to c/linux

9 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 31 points 5 months ago* (last edited 5 months ago) (2 children)

Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. A PerSourcePenaltyExemptList
option allows certain address ranges to be exempt from all penalties.

We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself.

Nice rate limiting

[–] [email protected] 10 points 5 months ago (2 children)

In the old days we called it tar pitting.

[–] [email protected] 5 points 5 months ago (2 children)

Tell me in the old days there were other things that could happen. Like feathering somebody after tar pitting. I dont know what that would've meant. Maybe servers ridiculing an attacker or something.

Tar pitting sounds way more fun than rate limiting >.>

[–] RonSijm 2 points 5 months ago

Like feathering somebody after tar pitting. I dont know what that would’ve meant. Maybe servers ridiculing an attacker or something

Could be a feature where servers would add your IP to a list, and send it to the clients (like a list somewhere in case of a website)

Then clients would start sending random metasploit-esk requests to those IPS

[–] [email protected] 2 points 5 months ago

I think it's supposed to evoke an image of an animal getting trapped in a tarpit.

IIRC, originally it was adding a delay on SMTP connections to keep spammers busy.

https://verifalia.com/help/email-validations/what-is-smtp-tarpitting

[–] [email protected] 4 points 5 months ago* (last edited 5 months ago) (1 children)

First time I hear that term, interesting

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago)

You should look into it. Network tarpitting has an interesting history.

https://en.m.wikipedia.org/wiki/Tarpit_(networking)

[–] [email protected] 7 points 5 months ago (1 children)

So we‘re making fail2ban obsolete for this usecase?

[–] Corbin 2 points 5 months ago

Yes, if that's the only reason one is using fail2ban. Honestly, I won't miss it.