[plug] firewalling ssh

Adrian Chadd adrian at creative.net.au
Tue Jan 9 16:21:44 WST 2007

On Tue, Jan 09, 2007, Adrian Woodley wrote:

> That is pretty unlikely on a domestic DSL connection. My personal server is on a 3Mbit link and I still don't see that as being a problem. Maybe on 100Mbit or even 10Mbit (doubtful). 

3mbit's plenty of bandwidth!

Thats 2000-odd pps at 1500 byte frames. Gross over-simplication here:

* tcp handshake: 3 frames
* ssh negotation, maybe a dozen?
* password attempts, maybe half a dozen?
* and a handful of acks.

So 20 odd frames for an SSH exchange, maybe? You could probably do a
good hundred or so password attempts a second at the very least on 3mbit.

Assuming each failure generates 2 50-character log entries, at 100
attempts a second you're looking at 10k of logs a second. Extrapolate. :)

(Now, thats reasonably unlikely as you'd -notice- 100 ssh attempts a sec; but
even 2 attempts a sec is doable. Thats what, ~ 16 megabytes of logs an hour?)


More information about the plug mailing list