Hi, Matt--

On Aug 9, 2010, at 8:13 PM, Matt Emmerton wrote:
> I'm in the middle of dealing with a SSH brute force attack that is 
> relentless.  I'm working on getting sshguard+ipfw in place to deal with it, 
> but in the meantime, my box is getting pegged because sshd is accepting some 
> connections which are getting stuck in [accepted] state and eating CPU.
> 
> I know there's not much I can do about the brute force attacks, but will 
> upgrading openssh avoid these stuck connections?

If I wasn't allowed to require that in order to SSH to arbitrary internal 
machines one would need to do a VPN session, the second choice would be to 
install the openssh port with tcpwrappers support + denyhosts.

Regards,
-- 
-Chuck

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to