Linux

5235 readers

143 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

OpenSSH introduces options to penalize undesirable behavior (undeadly.org)

submitted 5 months ago by Blaze@lemmy.zip to c/linux@programming.dev

9 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] jet@hackertalks.com 31 points 5 months ago* (last edited 5 months ago) (8 children)

Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. A PerSourcePenaltyExemptList
option allows certain address ranges to be exempt from all penalties.

We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself.

Nice rate limiting

[–] SpaceCadet@feddit.nl 10 points 5 months ago (5 children)

In the old days we called it tar pitting.

[–] fluckx@lemmy.world 5 points 5 months ago (2 children)

Tell me in the old days there were other things that could happen. Like feathering somebody after tar pitting. I dont know what that would've meant. Maybe servers ridiculing an attacker or something.

Tar pitting sounds way more fun than rate limiting >.>

[–] SpaceCadet@feddit.nl 2 points 5 months ago

I think it's supposed to evoke an image of an animal getting trapped in a tarpit.

IIRC, originally it was adding a delay on SMTP connections to keep spammers busy.

https://verifalia.com/help/email-validations/what-is-smtp-tarpitting

load more comments (1 replies)

load more comments (3 replies)

load more comments (5 replies)