Linux

5161 readers

160 users here now

A community for everything relating to the linux operating system

Also check out [email protected]

Original icon base courtesy of [email protected] and The GIMP

founded 1 year ago

MODERATORS

Ategon

anzo

dwraf_of_ignorance

OpenSSH introduces options to penalize undesirable behavior (undeadly.org)

submitted 4 months ago by [email protected] to c/linux

9 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 31 points 4 months ago* (last edited 4 months ago) (8 children)

Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. A PerSourcePenaltyExemptList
option allows certain address ranges to be exempt from all penalties.

We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself.

Nice rate limiting

[–] [email protected] 10 points 4 months ago (5 children)

In the old days we called it tar pitting.

[–] [email protected] 5 points 4 months ago (2 children)

Tell me in the old days there were other things that could happen. Like feathering somebody after tar pitting. I dont know what that would've meant. Maybe servers ridiculing an attacker or something.

Tar pitting sounds way more fun than rate limiting >.>

[–] RonSijm 2 points 4 months ago

Like feathering somebody after tar pitting. I dont know what that would’ve meant. Maybe servers ridiculing an attacker or something

Could be a feature where servers would add your IP to a list, and send it to the clients (like a list somewhere in case of a website)

Then clients would start sending random metasploit-esk requests to those IPS

load more comments (1 replies)

load more comments (3 replies)

load more comments (5 replies)