List: openssh-unix-dev
Subject: Re: Sending SSH_MSG_DISCONNECT before dropping connections
From: Damien Miller <djm () mindrot ! org>
Date: 2005-12-01 22:34:36
Message-ID: Pine.BSO.4.64.0512020933120.24491 () fuyu ! mindrot ! org
On Thu, 1 Dec 2005, olle ollesson wrote:
> Hi again,
>
> Thanks for the clarification Markus. Now the natural next question:
>
> Is there any reason why OpenSSH does not do it that way, that is, send
> SSH_MSG_DISCONNECT with an SSH_DISCONNECT_TOO_MANY_CONNECTIONS reason code
> before closing the socket when the max number of allowed sessions has been
> reached? What are the pros and cons in doing so?
MaxStartups is a DoS mitigation setting - i.e. it is supposed to limit
the effect of someone flooding a server with connections, while still
allowing a real admin a chance of logging in.

As such, there is no point in being polite to people you are going to
drop.
-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev