Date: Wed, 23 Nov 2005 15:16:58 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@freebsd.org
Subject: Re: Need urgent help regarding security
Message-ID: <20051123150509.P90242@roble.com>
In-Reply-To: <20051123120058.DAA3C16A484@hub.freebsd.org>
References: <20051123120058.DAA3C16A484@hub.freebsd.org>

Lowell Gilbert wrote:
>> Not sure I agree with the easily part.. TCP transport plus SSH
>> protocol spoofing is not a vector that normally needs to be secured
>> beyond what is already done in the kernel and router. That's not to
>> say such spoofing cannot be done, just that it is rare and would
>> require a compromised router or localnet host at a minimum.
>
> Except that it doesn't require spoofed addresses. One attacker from the
> local university's computer center (or from a large shell service ISP)
> could lock out all of the other users on that machine. Trivially.

And that's exactly what you want. The alternative is to let the
dictionary attack continue unabated. At least once the blackhole is
up, and notices sent, the target host's admins can contact the
attacking host's admins to shut down the account or process running
the scan.

If nobody is monitoring the IDS alerts that's a different problem.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/