Date: Tue, 11 May 2004 22:37:06 +0200
From: Patrick Proniewski <patpro@patpro.net>
To: Roger Marquis <marquis@roble.com>
Cc: freebsd-security@freebsd.org
Subject: Re: rate limiting sshd connections ?
Message-ID: <F7B884F8-A38A-11D8-AAAF-0030654D97EC@patpro.net>
In-Reply-To: <20040511202707.C40492C6A0@mx5.roble.com>
References: <20040511190058.A8FC516A4DB@hub.freebsd.org> <20040511202707.C40492C6A0@mx5.roble.com>

On 11 May 2004, at 22:27, Roger Marquis wrote:

> "slimmy baddog" wrote:
>> I would strongly suggest that you don't use inetd for running services
>> but running all your services as daemons which is much faster for the
>> system and safer.
>
> That used to be the recommendation, back when 50MHz CPUs were the
> norm. With 1 GHz and faster CPUs the difference between sshd and
> inetd starting a child sshd is in the millisecond range, i.e.,
> impossible to distinguish by look and feel.

In fact, I've seen an Apple XServe (two G4 1GHz processors) running MacOS X Server being DOSed by a remote Nagios probe testing its sshd once per minute. On OSX, sshd runs from xinetd. The box used to need a hard reboot once a day until the problem was identified and the Nagios probe was disabled.

My 2 cents.

patpro
--
I'm looking for a Mac/UNIX sysadmin position (or a rich, pretty young woman)
http://patpro.net/cv.php