Half of these will be allowed with the current installer behavior:

On Tue, Feb 24, 2015 at 8:45 AM, Stephen John Smoogen <firstname.lastname@example.org> wrote:
> On 24 February 2015 at 05:46, Hubert Kario <email@example.com> wrote:
>> On Tuesday 24 February 2015 13:08:46 Tomas Mraz wrote:
>> > On Út, 2015-02-24 at 12:32 +0100, Hubert Kario wrote:
>> > > rate limiting and denyhosts have no impact whatsoever when the
>> > > attacker has a botnet at his disposal
>> > A large botnet means that the attack is targeted. I do not think we can
>> > prevent a targeted attack against a weak password in the default
>> > configuration. What we should aim at is prevention of non-targeted
>> > attacks such as attacks you can see when you open an ssh port on a public
>> > IP almost immediately. These attacks usually come from a single IP
>> > address.
>> Not necessarily, I've seen both - where an IP did try just 2 or 3
>> password/user combinations and ones that did try dozens.
>> Having access to a botnet is not uncommon or expensive, making possible
>> "bored student" kinds of targeted attacks. You can do a low level of such an
>> attack with just EC2.
>> I'm not saying that we shouldn't have rate limiting, but it shouldn't be
>> the only thing above a simple dictionary check.
> That matches what I am seeing with a couple of random servers I have out
> there. The number of attacks where IP address one is doing