Most SSH(2) and SFTP servers have some sort of built-in countermeasure against the most common attacks. Although some free solutions may be completely defenseless, the vast majority of corporate-grade SFTP servers are usually capable of protecting themselves against – at least – the following threats:
- DoS (and in some cases DDoS)
- Hammering
- Brute-force
- Password harvesting
- Protocol violations
All of the above protection mechanisms (except the one against “protocol violations”) assume that the attacker is someone from the outside who is trying to either break in and gain control of your machine, or simply tear it down and cause a service interruption.
The last bullet-point, though, is far more interesting, as it takes into account that the “attacker” (which might not even be a real attacker) may a legitimate user of your SSH/SFTP server, with valid authentication parameters, who sends wrongly formatted commands after he/she has successfully logged in. Continue reading