• @[email protected]
    link
    fedilink
    English
    31
    edit-2
    7 months ago
    Repeated offenses by the same client address will accrue greater
    penalties, up to a configurable maximum. A PerSourcePenaltyExemptList
    option allows certain address ranges to be exempt from all penalties.
    
    We hope these options will make it significantly more difficult for
    attackers to find accounts with weak/guessable passwords or exploit
    bugs in sshd(8) itself.
    

    Nice rate limiting

      • @fluckx
        link
        57 months ago

        Tell me in the old days there were other things that could happen. Like feathering somebody after tar pitting. I dont know what that would’ve meant. Maybe servers ridiculing an attacker or something.

        Tar pitting sounds way more fun than rate limiting >.>

        • @[email protected]
          link
          fedilink
          27 months ago

          Like feathering somebody after tar pitting. I dont know what that would’ve meant. Maybe servers ridiculing an attacker or something

          Could be a feature where servers would add your IP to a list, and send it to the clients (like a list somewhere in case of a website)

          Then clients would start sending random metasploit-esk requests to those IPS

    • haui
      link
      fedilink
      77 months ago

      So we‘re making fail2ban obsolete for this usecase?