Hi, On Thu, 5 Oct 2006 17:33:15 +0200 "José González Gómez" <[EMAIL PROTECTED]> wrote:
> I've got a virtual private server hosted somewhere and they're blocking me > because their intrusion detection system detects 10 ssh connections in less > than 2 minutes from my current IP. My question is: is it possible for an > intrusion detection system to differentiate between successful and > unsuccessful ssh connections so they don't block me? Of course all my > connections are successful. Well of course. It takes a bit more work, though. What are you trying? Proving to the hoster that they could do better? I guess they know that already (and are happy to bill you for better service). In short: length of conversation would be an indication. Doesn't work for simple firewalls that don't really work on full TCP streams. And I guess that's the reason why your hoster doesn't opt for something more elaborated. Maybe you should just run ssh on a different port? -hwh -- gentoo-user@gentoo.org mailing list