Date:      Thu, 14 Apr 2005 00:30:11 +0200
From:      Hexren <me@hexren.net>
To:        Benjamin Rossen <b.rossen@onsnet.nu>
Cc:        freebsd-questions@freebsd.org
Subject:   Self Defense through DoS... ? (was: too many illegal connection attempts through ssh)
Message-ID:  <16324081427.20050414003011@hexren.net>
In-Reply-To: <200504140011.44565.b.rossen@onsnet.nu>
References:  <36f5bbba050406001514562df7@mail.gmail.com> <19221994686.20050413235524@hexren.net> <200504140011.44565.b.rossen@onsnet.nu>

> On Wednesday 13 April 2005 23:55, Hexren wrote:
>> > Just an idea...
>> 
>> > Benjamin Rossen 
>> 
>> ---------------------------------------------
>> 
>> Sounds fun but opens the door for every local user with ssh access to
>> DOS the machine he is on. I am not that fond of the idea.

> Not at all. Let us say that a trusted authority were to operate the central 
> server. The central server would not authorize a coordinated defensive DOS 
> unless there were to be evidence that the cracker had been attacking many 
> machines - perhaps the criterion could be framed to trigger a defensive DOS 
> only if it were established that the cracker had been attacking many 
> disparate machines in different parts of the world. 

> Who is tracking this kind of thing centrally? No one. When you find that 
> someone is trying to get into one of your servers you have no idea of what 
> else that individual may be doing. A central trusted authority would know. 

> Benjamin Rossen 


---------------------------------------------

"Central _trusted_ authority" leaves a bitter taste in my mouth... but
then I may be paranoid.
Anyway, if I am a local user on a machine and I have access to an ssh
binary (that is what I meant by "ssh access") and bash, I can churn out connections
with the only limit being my bandwidth and system limits on the number
of processes I can run at one time. But even with these set to
sensible defaults, say 10 processes and 1/10 of site bw, I am able to
"attack many disparate machines in different parts of the world";
therefore I am able to trigger a _defensive_ DoS against the machine
that I am on.

Regards
Hexren


