From owner-freebsd-questions@FreeBSD.ORG Wed Apr 13 22:12:02 2005
From: Benjamin Rossen
Organization: GearSticker Corporation
To: freebsd-questions@freebsd.org
Date: Thu, 14 Apr 2005 00:11:44 +0200
References: <36f5bbba050406001514562df7@mail.gmail.com> <200504132347.49133.b.rossen@onsnet.nu> <19221994686.20050413235524@hexren.net>
In-Reply-To: <19221994686.20050413235524@hexren.net>
Message-Id: <200504140011.44565.b.rossen@onsnet.nu>
Subject: Re: too many illegal connection attempts through ssh
Reply-To: b.rossen@onsnet.nu

On Wednesday 13 April 2005 23:55, Hexren wrote:
> > Just an idea...
>
> > Benjamin Rossen
>
> ---------------------------------------------
>
> Sounds fun but opens the door for every local user with ssh access to
> DOS the machine he is on. I am not that fond of the idea.

Not at all. Let us say that a trusted authority were to operate the central server.
The central server would not authorize a coordinated defensive DOS unless there were to be evidence that the cracker had been attacking many machines - perhaps the criterion could be framed to trigger a defensive DOS only if it were established that the cracker had been attacking many disparate machines in different parts of the world. Who is tracking this kind of thing centrally? No one. When you find that someone is trying to get into one of your servers you have no idea of what else that individual may be doing. A central trusted authority would know.

Benjamin Rossen