10.3 - any way to throttle connection attempts?

An elderly friend has a mac running 10.3 on an ADSL link. She's seeing many thousands of ssh login attempts per day, sufficient to eat significantly into her monthly download allowance (the isp charges for traffic, whether there is a successful connection or not). I'm wondering if there is any way to throttle connection attempts back? I.e. I know it is possible to set up iptables that way, but is there any front end for this, or does one have to build the iptables by hand?

Thanks Clea; I hadn't realised OSX didn't use iptables.
Yes, she does need to allow ssh connections (I use ssh to maintain her machine, from a distance of about 10,000 km - not always easy). Of course, this means that I can't risk anything that might disable the ssh connection, since I then wouldn't be able to recover it.
I need to explain that security isn't an issue - the ssh setup is secure, and no attempted breakins have succeeded (only one account is accessible by ssh, and that one has a very secure password). The problem is purely the bandwidth that is being used by the unsuccessful login attempts: I'd like to find a way to simply drop these illicit connection attempts at the firewall (which means they will cost just the 80B or so of the initial connection message) rather than, as now, refuse the ssh connection (which typically costs 2K-4K because of the handshaking that goes on). With 10K illicit connection attempts per day now becoming typical on this network, that's a very substantial bandwidth saving.
Changing the ssh port might do the job, but it looks like a fair amount of work. I'll try it on the weekend.

Similar Messages

  • Is there any way I can connect my iPhone to my projector to demonstrate an app?

    Is there any way I can connect my iPhone to my projector to demonstrate an app?

    Yes, there are cables in the Apple Store that will send video to an external screen, but it depends on the app....3rd party apps may need to be written to allow video out...some mirror the iPhone screen and some only use the external - it depends on how the app works, etc.
    Start by getting a compatible cable.

  • Any way to use connection for Ethernet if wifi not available?

    Going to place where there is only wired connection. Is there any way I can connect to Internet from my iPad?

    I use a Virgin mobile MiFi which allows upto 5 wireless connections which is basically a Sprint data access for no contract $50.00 /month fee unlimited, lower prices for limited duration/packet charges.
    A major decision when purchasing iPad mini WiFi-only vs Cell enable locked to AT&T (yes I know, but have an iPhone already with them).

  • Any way to decrease connection number?

    Hello;
    I am programming an album site...The thumbnail images are called somewhere outside http because i dont want anyone to see others photos...so i call the photos with buffered file stream
    in the photostream.jsp the images are drawed explained as above with servletoutputstream...
    in the album.jsp the thumbnail images are included as <img src="photostreamjsp?photo_id=xx"> and there is max 16 thumbnail images shown on album.jsp
    now the problem:the photostream.jsp included as 16 times and it makes 16 database connection...is this too much..?if it is too much how can i decrease it..?is there any way to store th images in an array?
    Note:think that there is 100 users online and 1600 database query?
    thank you

    Hello;
    I am programming an album site...The thumbnail images
    are called somewhere outside http because i dont want
    anyone to see others photos...so i call the photos
    with buffered file stream
    in the photostream.jsp the images are drawed
    explained as above with servletoutputstream...
    in the album.jsp the thumbnail images are included as
    <img src="photostreamjsp?photo_id=xx"> and there is
    max 16 thumbnail images shown on album.jsp
    now the problem:the photostream.jsp included as 16
    times and it makes 16 database connection...is this
    too much..?This is where testing comes into play. Pre-optimization may be the root of all evil, but one should aspire to send all the data with the minimum amount of transactions and minimum amount of transfer data possible.
    if it is too much how can i decrease
    it..?is there any way to store th images in an
    array?Have you looked at all into using a sql batches ?
    >
    Note:think that there is 100 users online and 1600
    database query?That depends on a couple of things:
    1) what are the chances that all of the uses will be hitting the database at the same time ?
    2) How many concurrent connections can your database handle
    3) How long are you users prepared to wait under the guide of "acceptable performance time"
    4) Has any load testing been done and have any metrics been decided on as to what you consider acceptable performance ?
    >
    thank you

  • Straighten tool. Any way to throttle it down?

    I'm finding the straighten tool to be problematic. Very sensitive to my mouse movements. And, because my mouse is not perfectly clean and that my fingers are a little shaky, I'm having trouble being precise with the straighten tool. Any way to get this to work easier for me?
    Antonio
    P.S. Sorry about all the questions today, but I'm using Aperture for a crucial job and I'm beginning to find all of shortcomings at once. Thanks for your help and patience.

    If I click on the photo, then drag the mouse to the edge of the screen before starting the lateral movements then the adjustment is far less aggressive than if I click and drag laterally near the center of the photo. Getting a tenth degree adjustment is easy using this method. It's like spinning a tire by grabbing farther out on the spokes--it takes more lateral movement of the spoke to get less radial movement of the tire.

  • Is there any way I can connect three AirPort Expresses to a D-Link DIR 655?

    I have a 2009 D-Link DIR 655 running 1.33NA and I need to connect my three AirPort Express systems in order to run my XBox to XBox LIVE, and I am having some serious difficulty doing so.  I've checked all over the Internet, googled the issue about ten different ways, and not a whole lot has come up.  HELP!!!!!

    Apple has done their best to install proprietary software in their wireless routers that is designed to only allow other Apple routers to repeat or extend the network wirelessly.
    So, the chances are extremely small that a D-Link....or another other router for that matter.....could be configured to do what you ask.
    There are no settings on an AirPort Extreme that would allow a D-Link device to extend the network, so all that you can do is experiment with different settings on the D-Link device to see if it might be possible for it to extend the network.
    A post on a D-Link support forum might be a good idea to see if any D-Link specialists have some ideas on this topic.
    Good luck.

  • My only hdmi is used for my Sky; is there any way I can connect AppleTV to my screen?

    I can only fine one slot on my Hitachi 42PD7200 and that is used to connect my Sky box. Am I able to connect Apple TV in any other way?
    Thanks

    Welcome to the Apple Community.
    You could try using an HDMI switch.

  • Any way to throttle photo upload?

    After upgrading to 10.10.3 and Photos, it seems that the upload of my library to iCloud is consuming all of my available bandwidth, to the point where my Mac and any other device in my house has become unusable. In Activity Monitor, nurlsessiond is at the top of the list with about 1000x the sent packet rate of the next highest process.
    With 400 GB of pictures to upload, am I going to have to live with this for the next week or is there a way I can slow down the upload rate, even if it means my library will take longer to upload?

    This is geeky but seems to work: Use Apple's Network Link Conditioner (NLC) to limit the upload speed from your computer.
    Download the NLC system preference from the Apple Developer's site. It is part of the Hardware IO Tools.
    Install the NLC system preference.
    Open the NLC system preference and create a new profile.
    Limit the Uplink speed. I chose about 60% of my available uplink bandwidth and that seems to work OK.
    Set the Downlink limit to something at least close to your ISP's bandwidth or above.
    You'll probably need to play around with the limits. Remember that it affects all of the network traffic in and out of the computer so something like a Time Capsule backup might go really, really slowly.
    Here's the setting I used:

  • Any way to throttle abusers?

    Question: Is there any setting or add-in for the Java System Web Server which restricts abusers accessing the website every few seconds?
    Longer explanation: One important (to me) feature I haven't found in the Java Web Server is the ability to throttle users who are abusing the website, but accessing it less than once per second. I know there is a built-in ability to block access that is greater than 1 per second, but that's not enough for what I need. We can have bots causing problems scraping a server every 2-3 seconds.
    I checked into this about a year ago, but didn't find any solutions. I'm hoping there is something available now.
    Thanks!
    Tim

    In the earlier topic you indicate that you're hoping to get similar behavior as mod_bwshare. This looks remarkably like the capabilities of Web Server's Quality of Service (QOS) feature. This allows you to average out the amount of bandwidth for a client over up to 3600 seconds and throttle the traffic based on that average.
    The QOS docs seem pretty difficult to find, but so far I've found some helpful stuff in the CLI (wadm) book and in the Admin Config File Reference (somewhere around page 77).
    The NSAPI Programmer's guide provides examples of how to write SAFs that take advantage of the QOS stats and take action based on them (page 60).
    Please do share what (if anything) you come up with. I'm curious about the solution you find that works for you.

  • Is there any way I can connect an ethernet cable to the air with an adapter?

    I have a macbook air which of copurse does niot have an ethernet cable. However, I need to use one rather than wifi. Is there an adapter that would allow me to connect an ether net cable to the Air? I am assuming the answer is no, but thought I would try.
    Ray

    no there is one
    http://store.apple.com/us/product/MC704ZM/A/apple-usb-ethernet-adapter

  • Is there any way i can connect my xbox to my mac mini 2009?

    I have the cinema hd display that comes with the mac mini 2009 and i want to connect my xbox 360 (newest version) to it. Is it possible?

    Hi Austin, seems the problem is you need an Analog->Digital converter...
    http://forums.macrumors.com/showthread.php?t=172157&highlight=ps3+acd
    http://www.xboxrrod.com/connecting-an-xbox360-to-an-apple-cinema-hd-display
    http://forums.macrumors.com/showthread.php?t=179454
    http://modmyi.com/forums/mac-gaming/659671-connecting-xbox-mac-monitor.html
    Not sure, but this may be the cheapest solution, just not sure if it can connect to your monitor...
    http://www.kanexlive.com/xd

  • HT201302 the last time I synced my iPhone to my computer, it put many  videos on my phone, and many copies of Each one. it won't let me delete them off my iPhone, is there any way I can connect my phone to my computer and delete them?

    please help!!

    The same way the photos were transferred from your computer, via the iTunes sync process.
    Deselect sync photos under the photos tab for your iPhone sync preferences with iTunes followed by sink to remove all.

  • Is there any way to connect an iPhone to an external hard drive without the use of a computer?

    Hello All,
    I am planning to travel to Central America, and I want to take pictures with my iPhone. I only have 8 GB memory, so I wanted to take my 1 TB WD Mac External Hard Drive with me on the trip. Is there any way I can connect my iPhone directly to the external hard drive, without the use of a computer? Thanks in advance!

    The external hard drive has only one input port which is usb, so you can only use usb here. Also try considering online storage.

  • N95-3 RM 160 wlan not think of any way!

    Hello, my name is helio and have a big problem with my n95-3 RM 160. I can not in any way make the connection for wlan, always trying to ... is the same msg no wlan available, could help me
    thanks

    But if they have no proof of water damage e.g no Liquid indicators changed i can still be under warranty?
    after the water dried it left some stains or white vapors or some sort of condesation that just doesnt seem to go away
    Liquid indicators are rather superfluous, aren't they?  You really are going to have to take money.

  • [SOLVED]PGL reporting persistent bogon connection attempts

    I noticed a series of connection attempts while reviweing pgld.log starting when I installed my system/acquired ADSL (occured at the same time). The log reads the following every 11-12 minutes:
    Feb 21 18:53:55 IN 192.168.1.1:138 192.168.1.255:138 UDP || Consiglio Nazionale delle Ricerche | Dabber.BBT | Bogon
    I added rules for tcp and udp to drop requests on ports 137-139,445,67,68 and the log readouts in pgld.log did not change. I also crosschecked the pgld.log on a seperate machine running Arch Bang on the same network and there were 0 hits over the course of hours. To check for intrusions I ran rkhunter and chkrootkit from a RO usb and ran snort for a couple of hours but found nothing.
    The main concern is that according to a pgl blocklist IPs eminating from "Consiglio Nazionale delle Ricerche", or "National Research Council", are persistently attempting to connect to my system. This Italian public organization is set up to conduct a variety of tech and science researches. I neither live in Italy nor have an ISP affiliated with Italy. However, the blocklist classifies it as a bogon, which undermines the possibility of the organization being positively identified.
    How do I proceed in order to understand the source of the problem and begin to stop the persistent connection attempts?
    The problem was also reported here on the forums but the ports are different. For me its reporting on a port associated with netbios, a legacy protocol used most often with Windows. The config in /etc/cups/client.conf yields nothing valuable and I would like to get rid of CUPS but # pacman -Rs cups shows that no such package exists.
    More information from wikipedia relating to the port in question:
    Datagram distribution service
    Datagram mode is connectionless; the application is responsible for error detection and recovery.
    In NBT, the datagram service runs on UDP port 138.
    The datagram service primitives offered by NetBIOS are:
    Send Datagram – send a datagram to a remote NetBIOS name.
    Send Broadcast Datagram – send a datagram to all NetBIOS names on the network.
    Receive Datagram – wait for a packet to arrive from a Send Datagram operation.
    Receive Broadcast Datagram – wait for a packet to arrive from a Send Broadcast Datagram operation.
    Last edited by Divinorum (2013-02-22 19:40:16)

    The Internet is the definition of an Unsecured network. The only way to prevent connection attempts is to unplug your computer from the Internet. It is exactly like trying to stop someone from talking to you.... You can kill the person, walk away, or where headphones so you don't hear them. At the end of the day you can not control what someone ells dose.
    If you are dropping the packets then you have nothing to worry about. Those connection attempts are just infected Widows computers trying to infect other Windows computers.
    Last edited by hunterthomson (2013-02-22 07:37:42)

Maybe you are looking for

  • How to get current editing text field in ClientConverter in Mozilla?

    Hello, I have a ClientConverter associated with a Decimal Field. Client Converter provides 2 java script methods for doing client side conversion of value as, *function converterGetAsString( value, label ) and function converterGetAsObject( value, la

  • PSE 8.0 and Microsoft Office 2010 64-bit

    Good day, I recently upgraded my Office version from 2007 32-bit to 2010 64-bit.  Originally, PSE integrated fine with Outlook 2007 and I had no problems.  However, now, when I attempt to email from within PSE, it does not work.  Instead, I get an er

  • How do I import an aaf with consolidated media?

    I am trying to import an aaf from avid that I have created.  When I created the aaf, I consolidated the media and converted everything to wav so Premiere would be able to read it.  After importing into premiere all the media is offline and it asks to

  • Error trying to open a project

    Hello, I am trying to open a project that was created on the same system I am trying to acces it . But, I keep on getting an error: This project is unreadable or may be too new for this version of Final Cut. The thing is that I started this project o

  • RAW files-How do I open it

    Who can help me to find a solution. 5 bought an Olympus E3 which takes Pics in ORF Format. For some reason Iphoto does not recognize the format, even though having an Olympus E500 before RAW was not a problem. Any suggestions???