[lug] DOS ssh attacks

Patrick Mullen pmullen.lists at gmail.com
Sat Jan 10 15:23:36 MST 2009

> since this topic is relevant,i'm wondering if someone can explain something to me about DOS attacks.
> most of those replying here are offering firewall solutions that block certain ips based on x condition.
> although this helps the problem somewhat, it doesn't really solve it does it?

The processing involved with dropping a packet at the SYN is
significantly less than that of processing the entire TCP handshake,
initiating encryption, checking credentials, etc.  If you can reduce
hundreds of brute force attempts to four (times the number of
originating hosts), the CPU load will be drastically reduced.

I didn't get the impression the problem was a traffic-based dos; I
believe the problem is handling all of the excess login requests.


More information about the LUG mailing list