Hi, Matt-- On Aug 9, 2010, at 8:13 PM, Matt Emmerton wrote: > I'm in the middle of dealing with a SSH brute force attack that is > relentless. I'm working on getting sshguard+ipfw in place to deal with it, > but in the meantime, my box is getting pegged because sshd is accepting some > connections which are getting stuck in [accepted] state and eating CPU. > > I know there's not much I can do about the brute force attacks, but will > upgrading openssh avoid these stuck connections?
If I wasn't allowed to require that in order to SSH to arbitrary internal machines one would need to do a VPN session, the second choice would be to install the openssh port with tcpwrappers support + denyhosts. Regards, -- -Chuck _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
