ssh brute force attacks 3213

Peter T. Breuer

I deleted a bunch of Peter's typical red herrings and nit-pickings. Perter loves to try to get people caught up in unimportant details, arguing about semantics or the precise meanings of words. This lets him pretend he's shattering arguments. Best to ignore him and stick to the point.

xyz times

Yeah, right Peter. You've talked about just about everything BUT that. And of course conveniently cut out the important part of what I said there, which is that the attempted hacker now decides to take revenge with a DOS attack. buttuming that it's a human anyway, which it probably was not.

It's extremely unlikely that anyone would turn around a login attempt to a DOS attack, and you still ignore that it will be EXTREMELY difficult to simulate logins while spoofing against an sshd that uses MaxStartups. The real fact probably is that you realize just as well as I do that this is unlikely, very difficult, and pointless to worry about. It is EXACTLY what sshd does with MaxStartups; it simply extends the idea to another level.

And as usual (I've seen you do this so many times), you run away insisting that the other person is a fool and that you've been right all along.

I'm not going to let you do it :-)

Show me a technique whereby you can reliably trigger a DOS for a failed login trap sitting behind a MaxStartups enabled sshd server. You might accidentally do it for some spoofed IP's, but I don't think you can do it reliably and it's also impossible for you to even know if you were successful. And that's my point: this would be a lousy way to do a DOS against anyone, so if such were your intent, I doubt you'd use it.

C'mon back and blather more about something unrelated, Peter - I expect nothing less.

-- Tony Lawrence