Date: Tue, 11 May 2004 13:27:07 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: freebsd-security@freebsd.org Subject: Re: rate limiting sshd connections ? Message-ID: <20040511202707.C40492C6A0@mx5.roble.com> In-Reply-To: <20040511190058.A8FC516A4DB@hub.freebsd.org> References: <20040511190058.A8FC516A4DB@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Roger Marquis wrote: > Aside from having more connection limiting features inetd is also > easier to configure on non-standard ports, uses less memory (1K vs > 5K), and has a simpler (and by extension more secure) code base. > "slimmy baddog" wrote: > I would strognly suggest that you dont use inetd for running services but > running all your services as daemons wich is much faster for the system >and safer. That used to be the recommendation, back when 50MHz CPUs were the norm. With 1 GHz and faster CPUs the difference between sshd and inetd starting a child sshd is in the millisecond range i.e, impossible to distinguish by look and feel. As to security I think both code bases have had about the same degree of peer review. The smaller size of the inetd code base is what makes it more secure. -- Roger Marquis Roble Systems Consulting http://www.roble.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040511202707.C40492C6A0>