break-in attempt in my machine
Chris Green
cl at isbd.net
Sat Sep 3 13:04:59 UTC 2016
On Sat, Sep 03, 2016 at 08:13:20PM +1000, Karl Auer wrote:
> On Sat, 2016-09-03 at 10:13 +0100, Chris Green wrote:
> > Yes, but it's 'remote' access in the sense I was meaning, you can't
> > brute force a password via an ssh login. By that I mean you can't
> > brute force a password at the ssh login prompt.
>
> Of course you can. It's just a question of bandwidth, and a login
> attempt doesn't take much.
>
> If your system doesn't resist it, I can just make ten thousand
> simultaneous connections to you; each attempt takes a few seconds to
I doubt it, apart from anything else my bandwidth won't sustain it.
Also there will be a limit on the number of connections open.
Not to mention that ssh has both MaxStartups and MaxSessions
parameters which will limit you typically to a few tens of sessions.
--
Chris Green
More information about the ubuntu-users
mailing list