This is a discussion on Re: [fw-wiz] cisco ssh rate limit - Firewalls ; We have many many outside sources that vary unpredictably, and we have no control (or knowledge) over that. An alternative is to set up a bastion host, but that will break a lot of file transfers and require painful changes ...
We have many many outside sources that vary unpredictably, and we have no
control (or knowledge) over that. An alternative is to set up a bastion
host, but that will break a lot of file transfers and require painful
changes and new infrastructure. We may do that eventually.
At 09:37 AM 5/26/2006, David Swafford wrote:
>Have you thought about using an access control list instead for the ssh
>connection? I am not deeply familiar with the PIX yet but I know on Cisco
>routers you can setup an access list that defines what source IPs are
>allowed to telnet into the box. I'm thinking functionality like this
>would be something that you might find on the PIX for ssh. On IOS routers
>it is configured slightly differently than a standard access list in that
>you configure it at the virtual interface I believe. I'm thinking that
>you might cause yourself some problems by limited the attempts as this
>might prevent you from accessing the box.
>Anyone else have any thoughts on this?
>David A. Swafford
>Archbishop Alter High School
>Information Technology Team, Network Engineer
>A Cisco CCNA and a CompTIA Network+ and Security+ Certified Professional
> >>> email@example.com 5/26/2006 11:07 am >>>
>Can we set our PIX firewall to limit the rate at which ssh connection
>attempts are allowed? I would like to set it so that ssh is limited to 2
>connections per minute for any source/destination pair. Does this cause
>much impact on the PIX?
firewall-wizards mailing list