search for: dnris

Has anyone checked to make sure that this won't upset sshguard? [1] Offhand, it looks like it will [2][3]. [1] https://www.sshguard.net/ [2] https://bitbucket.org/sshguard/sshguard/src/2ed7e0aee18b7271daab92d5335c14e04bb2cc89/src/parser/attacks.txt?at=master&fileviewer=file-view-default#attacks.txt-9 [3]

>>> TL;DR: please try the patch out and report if it causes "Did not receive >>> identification string" log messages. I believe it does not. Aw crap. My homegrown anti-dos tool for ssh looks for either DNRIS or if logging is verbose enough a connection that didn't result in a login. I give the attacker a few tries and whitelist any successful candidate so I should be ok, but things are getting a bit riskier. I'm a big fan of happy eyeballs in general so I hope there is some way to allow happy...

Hi, On Mon, Feb 26, 2018 at 11:32:26AM +0000, Kim Minh Kaplan wrote: > TL;DR: please try the patch out and report if it causes "Did not receive > identification string" log messages. I believe it does not. It depends on absolute RTT to the target. If you stay local ("< 50ms"), the 250ms offset should reliably avoid DNIS logs. If you happen to connect to Australia