On Monday 2010-04-26 17:09, Покотиленко Костик wrote: >В Пнд, 26/04/2010 в 16:34 +0200, Pascal Hambourg пишет: >> Hello, >> >> Richard Horton a écrit : >> > >> > A better option would be to drop ssh connections if the number of >> > attempts from a single ip address exceedes an acceptable limit >> >> Preferably the number of *failed* attempts. That's what fail2ban and the >> like do. >> >> > can't see many legit uses for ssh where you you connect and >> > disconnect multiple times within a 1 minute window) >> >> What about scp ? > >Regarding my rules multiple sequential scp attempt will get slow, but >sftp won't. scp is a little slow itself, nor does it copy attributes well. Use rsync where available. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
