From: Patrick Proniewski
Date: Tue, 11 May 2004 22:37:06 +0200
To: Roger Marquis
Cc: freebsd-security@freebsd.org
Subject: Re: rate limiting sshd connections ?

On 11 May 2004, at 22:27, Roger Marquis wrote:

> "slimmy baddog" wrote:
>> I would strongly suggest that you don't use inetd for running services
>> but running all your services as daemons which is much faster for the
>> system and safer.
>
> That used to be the recommendation, back when 50MHz CPUs were the
> norm. With 1 GHz and faster CPUs the difference between sshd and
> inetd starting a child sshd is in the millisecond range, i.e.,
> impossible to distinguish by look and feel.

In fact, I've seen an Apple XServe (two G4 1GHz processors) running MacOS X Server being DoSed by a remote Nagios probe testing its sshd once per minute. On OSX, sshd runs from xinetd. The box used to need a hard reboot once a day until the problem was identified and the Nagios probe was disabled.

my 2 cents.

patpro
--
I'm looking for a Mac/UNIX sysadmin position (or a young, pretty, rich woman)
http://patpro.net/cv.php