Re: rate limiting sshd connections ?

From: Roger Marquis (marquis_at_roble.com)
Date: 05/11/04

  • Next message: Patrick Proniewski: "Re: rate limiting sshd connections ?" 
    Date: Tue, 11 May 2004 13:27:07 -0700 (PDT)
To: freebsd-security@freebsd.org

    Roger Marquis wrote:
    > Aside from having more connection limiting features inetd is also
    > easier to configure on non-standard ports, uses less memory (1K vs
    > 5K), and has a simpler (and by extension more secure) code base.
    >
    "slimmy baddog" wrote:
    > I would strognly suggest that you dont use inetd for running services but
    > running all your services as daemons wich is much faster for the system
    >and safer.

    That used to be the recommendation, back when 50MHz CPUs were the
    norm. With 1 GHz and faster CPUs the difference between sshd and
    inetd starting a child sshd is in the millisecond range i.e, impossible
    to distinguish by look and feel.

    As to security I think both code bases have had about the same
    degree of peer review. The smaller size of the inetd code base
    is what makes it more secure. 

    -- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
  • Next message: Patrick Proniewski: "Re: rate limiting sshd connections ?"