[UFO Chicago] Tripwire to shut off ssh access to a host?

Nate Riffe inkblot at movealong.org
Fri Nov 17 12:56:21 PST 2006


Jordan Bettis said this (probably recently):
> Also it appearently blocks the fourth connection 
> attempt along with the subsequent ones. So with
> that setup you're allowed three connection attempts
> in a minute.

It only blocks a packet if the previous three packets that met the
criteria arrived within the last second.  So, the fifth will only be
blocked if the fourth, third and second packets occurred in the 60
seconds prior to the fifth.  The first packet is really no londer
relevant.

-Nate

-- 
--< ((\))< >----< inkblot at movealong.org >----< http://www.movealong.org/ >--
pub  1024D/05A058E0 2002-03-07 Nate Riffe (06-Mar-2002) <inkblot at movealong.org>
     Key fingerprint = 0DAC F5CB D182 3165 D757  C466 CD42 12A8 05A0 58E0


More information about the ufo mailing list