this post was submitted on 07 Jun 2024
65 points (100.0% liked)

[–] jet@hackertalks.com 31 points 1 year ago* (last edited 1 year ago) (8 children)
Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. A PerSourcePenaltyExemptList
option allows certain address ranges to be exempt from all penalties.

We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself.

Nice rate limiting
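As an added illustration of the behaviour in the quoted release note (not part of the comment above and not OpenSSH's code), here is a simplified Python model of per-source penalties that accrue up to a maximum, with an exempt list. The class name, offense names and durations are constructed assumptions, not sshd's defaults.

```python
import ipaddress

# Constructed values for illustration; not sshd's defaults.
PENALTIES = {"authfail": 5, "noauth": 1, "crash": 90}  # seconds added per offense
MAX_PENALTY = 600                                       # cap on a source's block, seconds


class PenaltyTracker:
    """Simplified model: each offense extends the source's block, up to a cap."""

    def __init__(self, exempt=(), penalties=PENALTIES, max_penalty=MAX_PENALTY):
        # Exempt ranges play the role of PerSourcePenaltyExemptList.
        self.exempt = [ipaddress.ip_network(n) for n in exempt]
        self.penalties = penalties
        self.max_penalty = max_penalty
        self.blocked_until = {}  # source address -> time at which the block expires

    def is_exempt(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.exempt)

    def record(self, addr, offense, now):
        """Record an offense at time `now`; return the remaining block in seconds."""
        if self.is_exempt(addr):
            return 0
        # Penalty still outstanding from earlier offenses by this source.
        remaining = max(0, self.blocked_until.get(addr, now) - now)
        # Repeated offenses accumulate, but never beyond the maximum.
        remaining = min(remaining + self.penalties[offense], self.max_penalty)
        self.blocked_until[addr] = now + remaining
        return remaining

    def is_blocked(self, addr, now):
        return self.blocked_until.get(addr, 0) > now


if __name__ == "__main__":
    tracker = PenaltyTracker(exempt=["192.0.2.0/24"])  # constructed admin range
    for t in range(5):
        left = tracker.record("198.51.100.7", "authfail", now=t)
        print(f"t={t}s authfail from 198.51.100.7 -> blocked for {left}s")
    print("exempt source:", tracker.record("192.0.2.10", "crash", now=0), "s")
```

The model leaves out details of the real option, such as any minimum threshold before enforcement starts, so treat it as a way to reason about the accrual and exemption logic rather than as a description of sshd internals.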

[–] SpaceCadet 10 points 1 year ago (5 children)

In the old days we called it tar pitting.

[–] fluckx@lemmy.world 5 points 1 year ago (2 children)

Tell me in the old days there were other things that could happen. Like feathering somebody after tar pitting. I don't know what that would've meant. Maybe servers ridiculing an attacker or something.

Tar pitting sounds way more fun than rate limiting >.>

[–] SpaceCadet 2 points 1 year ago

I think it's supposed to evoke an image of an animal getting trapped in a tarpit.

IIRC, originally it was adding a delay on SMTP connections to keep spammers busy.

https://verifalia.com/help/email-validations/what-is-smtp-tarpitting
